The latest cyberattack on Henry Schein serves as a reminder that succumbing to the demands of cybercriminals is never the answer. This marks the third time the prominent healthcare solutions provider has been targeted by the BlackCat ransomware group, despite speculations of paying a ransom.
The hacker collective posted new updates regarding the Henry Schein data breach on their dark web channel, signaling a third cyberattack on the company’s cybersecurity defenses. This occurred several months after the company’s initial breach in October, followed by a subsequent attack in November.
Following the earlier attacks, Henry Schein’s website was briefly taken down, and the company had to process orders manually for several days. However, a few days later, BlackCat removed Henry Schein from its leak website, which could indicate that negotiations had resumed or that a ransom had been paid.
It is possible that Henry Schein paid a ransom to BlackCat in order to regain access to its data and systems. While the company did not confirm paying a ransom, its removal from the hacker group’s victim list does indicate a ransom payment.
The Chronology of Henry Schein Cyberattacks
Henry Schein initially fell victim to the BlackCat ransomware attack on October 14, resulting in a month-long operational hiatus. Despite the company’s efforts to recover, the cyber assailants struck again on November 14, causing over $500 million in losses, as per the threat actor.
Notably, the ALPHV/BlackCat group claims to have re-encrypted Henry Schein twice, with a forewarning of a third attack looming on the horizon.
Security researcher, Dominic Alvieri, reported that after the Henry Schein data breach incident, the company was removed from the leak site affiliated with the BlackCat ransomware group. Dominic tweeted, “Why you should never pay a ransom,” along with a screenshot allegedly showing leaked data from Henry Schein.
This removal hints at a ransom deal between the organization and the threat actor. However, the insurance giant didn’t share any such updates for a ransom deal being made, further drifting the intention and motivation behind these waves of cyberattacks on Henry Schein.
Henry Schein data breach incidents rise again
While security firms like Aon’s partner Stroz Friedberg and AVASEK teams were engaged to mitigate the threat, the situation worsened.
Attempts at the collaborative resolution, including temporary public statements and refraining from data exposure, failed due to what BlackCat perceives as Henry and Coveware’s inadequate strategy and communication.
With Henry Schein’s market value at a staggering $9 billion, questions arise regarding the management’s handling of the crisis. The cyber attackers criticize the company’s perceived lack of professionalism and express concern over potential management issues within Henry Schein.
The aftermath of the Henry Schein cyberattacks raises concerns for investors. The need to scrutinize management performance and decision-making becomes paramount.
The repeated breaches highlights the vulnerability of even multi-billion-dollar corporations, urging caution when dealing with entities like the BlackCat ransomware group.
The Henry Schein data breach fallout
The BlackCat ransomware group claims to have exposed sensitive data, including DEA numbers, PII data, and supplier bank accounts.
Partnerships with major entities like Walmart, BDO, Pfizer, and others may lead to legal battles and extensive repercussions for Henry Schein in addition to the ongoing data breaches.
The Cyber Express reached out to Henry Schein for clarification on the alleged data breach. However, as of the time of writing, no official response or statement has been received, leaving the claims of this third Henry Schein data breach unverified.
In October, Henry Schein acknowledged a cyber incident that compromised customer data. The company is still recovering from the cybersecurity incident that affected its dental and medical distribution operations in North America and Europe.
Moreover, Henry Schein’s financial outlook for 2023 has been significantly affected, with a projected sales decrease of 1% to 3% attributed to the cyber incident.
Analysts estimate a $500 million impact, emphasizing the severity of the situation. The company plans to file a claim with its cyber-insurance policy, which has a $60 million after-tax claim limit.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
