Henry Schein discloses data breach a year after ransomware attack
Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat ransomware gang, revealing that over 160,000 people had their personal information stolen.
Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022.
On October 15, the company disclosed that it was forced to take some systems offline to contain a cyberattack that impacted manufacturing and distribution operations.
While Henry Schein did not disclose the nature of the attack, the BlackCat (ALPHV) ransomware gang claimed responsibility, stating that they stole 35 TB of sensitive files.
Almost a month later, on November 22, the company disclosed that it had suffered another attack, again by the now-shut-down BlackCat ransomware gang.
The ransomware gang claimed to have encrypted Henry Schein’s network a second time after negotiations failed and threatened to encrypt it a third time if a ransom was not paid.
While it is unknown if the threat actors followed through with another attack, they released some of the data stolen from Henry Schein on their data leak site.
Now, over a year later, Schein has confirmed in a data breach notification to the Maine Attorney General that the ransomware gang stole the personal data of 166,432 people during these attacks.
“Following the incident, the Company worked with an outside expert firm to review potentially affected files in order to identify information that was obtained by the unauthorized third-party as part of the incident,” reads Henry Schein’s data breach notification.
“This review required substantial time and resources and progressed during the first half of 2024.”
“The investigation recently determined that your personal information was affected as part of the incident, including your [Extra2]. It is possible that other sensitive information about you was also impacted, which may depend on what information was previously provided to the Company about you.”
BleepingComputer contacted Henry Schein to ask what type of data was stolen in the attack but did not receive a response.
The company is now offering impacted users a free 24-month membership to Experian’s IdentityWorks℠ to help monitor credit history and detect signs of fraud.