HQ/EMEAFind out how we can help your business
The BlackCat ransomware group has revealed that they successfully infiltrated the network of the prominent healthcare company Henry Schein. According to the group, they have stolen an extensive volume of data, including sensitive information such as payroll records and shareholder data.
Henry Schein, a healthcare solutions provider and a Fortune 500 corporation, is present in 32 countries. Based on the latest tally, the company’s revenue exceeds $12 billion in 2022. Unfortunately, on October 15, they had to take specific systems offline due to a cyberattack affecting their manufacturing and distribution divisions.
The company acted immediately to mitigate the incident, taking measures such as system shutdowns, causing temporary disruptions in some of its business operations. They are actively working to resolve the situation. Fortunately, Henry Schein One, the provider’s practice management software, remains unaffected by the breach.
Henry Schein assured everyone that they were already addressing the issue.
In response to the incident, the company immediately alerted relevant law enforcement agencies and employed a third-party security provider to aid them with their investigation of the potential data breach. A week after disclosing the cyberattack, they encouraged customers to place orders through their Henry Schein representatives or dedicated telesales phone numbers.
The company has yet to disclose further details about the alleged BlackCat ransomware attack. Almost two weeks later, the ransomware group included Henry Schein on its dark web leak site, claiming that they had infiltrated the company’s network and stole a whopping 35 terabytes of sensitive data.
Furthermore, the BlackCat ransomware group claims to have re-encrypted the company’s devices just as Henry Schein was nearing the completion of its system restoration because their negotiations had allegedly failed.
The threat actors expressed their frustration, stating that despite ongoing discussions with Henry’s team, they have yet to indicate the company’s commitment to prioritising the security of clients, partners, and employees or even safeguarding their network.
The threat actors threatened to release some of the company’s internal payroll data and shareholder files on their collections blog, intending to continue releasing more data daily.
As of now, Henry Schein’s entry on BlackCat’s data leak website is not present, suggesting the possibility of the company resuming negotiations or paying the ransom. These details will receive confirmation in the following days. If the ransomware group continues to leak information, they may have yet to reach an agreement with Henry Schein.
