Dental company Henry Schein raises number of data breach victims from 29K to 166K

Dental product distributor Henry Schein this week raised the number of victims whose private information was compromised in 2023 data breaches from 29,112 to 166,432.

Henry Schein suffered two cyberattacks in September and October 2023 claimed by ransomware gang ALPHV/BlackCat. The gang claimed responsibility for those attacks in November and December 2023, respectively, and threatened a third attack as well.

The compromised personal data belongs to employees of Henry Schein and their dependents. The data contained the following info:

• Name
• Address
• Phone number
• email address
• Photograph
• Date of birth
• Demographic and background info
• Social Security number
• Driver’s license number
• Passport number
• Bank account info
• Credit card numbers
• Loans
• Medical history
• Treatments
• Health insurance info
• Job titles
• Compensation
• IP addresses

Henry Schein first notified 29,112 victims on November 17, 2023. Nearly a year after the initial breach, Henry Schein CEO Stanley Bergman told investors in an earnings call that recovery efforts were still ongoing. This week, it confirmed that it notified an additional 137,320 victims.

We do not know if Henry Schein paid a ransom, but given the extended fallout of the attacks, it seems unlikely. Henry Schein hasn’t disclosed how much the ransom demand was or how attackers breached its network.

The company is offering eligible victims 24 months of free identity theft protection via Experian. The original enrollment deadline was February 29, 2024 but has now been extended to January 31, 2025.

Who is ALPHV/BlackCat

ALPHV/BlackCat is responsible for some of the most high profile ransomware attacks of the past few years. The group dark after an attack on Change Healthcare in March 2024, in which it allegedly stole a $22 million ransom payment from affiliates.

In 2023, Comparitech researchers recorded 136 confirmed attacks claimed by ALPHV/BlackCat, compromising 47.4 million records. Companies operating in the US healthcare sector were a prime target with some of the largest breaches stemming from Norton Healthcare (2.5 million records), McLaren Health Care (2.2 million), Transformative Healthcare/Fallon Ambulance Services (912,000), MNGI Digestive Health (766,000), and Electrostim Medical Services (543,000).

Before ALPHV/BlackCat went dark in April 2024, it claimed 40 unconfirmed attacks that weren’t acknowledged by victims since the start of the year.

Ransomware attacks on US healthcare businesses

In 2023, we logged 30 ransomware attacks on companies like Henry Schein that operate within the US healthcare industry but don’t provide direct care to patients. These include medical device companies, healthcare product distributors, and pharmaceutical manufacturers. These attacks compromised 24.9 million records in total. The attack on Henry Schein is the eighth-largest based on records affected.

In 2024, we recorded 15 such attacks affecting 2.3 million records. A recently-confirmed attack on Cencora Inc impacted more than 1.4 million records and resulted in the largest known ransomware payment ever: $75 million to Dark Angels.

About Henry Schein

Henry Schein is the world’s largest distributor of dental equipment and supplies. It operates in 33 countries. It’s an S&P 500 company with $12.3 billion in annual revenue, and more than 25,000 employees.