The latest we know about the Henry Schein cybersecurity incident

Cyberattack Hacker

Here is the latest update about the cybersecurity incident that was first reported by Henry Schein to the general public via a press release that the company issued on October 15.

According to the release, on October 14, Henry Schein “determined that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations.” The release went on to state that the company was “working to resolve the situation as soon as possible.”

On October 19, posted an article that included this note, “SecurityWeek has checked the leak websites of several major ransomware groups, but has found no mention of Henry Schein at the time of writing.”

When contacted on October 25 for updates or further information about the incident, Ann Marie Gothard, vice president of global corporate media relations, referred to the investor relations page of the Henry Schein website, which contains the original release.

Upon visiting the website on October 26, a message displayed on the homepage reminds customers that the company is “taking orders and shipping products.” The next paragraph states, “All orders for consumables and small equipment including diagnostics, RX products (other than controlled substances), and hazardous materials are being taken and fulfilled from all major distribution centers, with orders generally expected to ship within one or two business days.”

Further down on the homepage, the note informs readers that Henry Schein One was not impacted by the incident. In the original press release, Schein stated, “Henry Schein has determined that the practice management software used by its clients has not been disrupted.”

We will continue to monitor the situation and provide updates with the latest information available from Henry Schein on this cybersecurity incident.

November 13

A week-plus after a notorious ransomware gang claimed to have stolen dozens of terabytes (TB) of data and threatened to dump the pilfered data, including shareholder information, Henry Schein announced on November 13 that it's close to recovering from the breach.

The dental and medical company’s distribution businesses are operational, and it will initiate the reactivation of its e-commerce platform early this week, Stanley Bergman, Henry Schein’s board chairman and CEO, said in a press release dated November 13.

“The company has contained the incident, restored most of the business-critical systems it proactively took offline in response to the situation and is making significant progress towards resuming normal-course operations,” according to the press release.

Furthermore, Henry Schein expects to file an insurance claim in 2024 related to the ransomware attack. Although final resolution is subject to insurer approval, the company expects the claim to be covered under its cyber insurance policy.

November 3

The BlackCat ransomware crew has taken responsibility for the cyberattack, claiming it took dozens of terabytes (TB) of data, including shareholder information and payroll data, according to a story published on November 2 in Bleeping Computer.

BlackCat is a ransomware as a service (RaaS) organization that surfaced in 2021, but it has made a name for itself and even caught the attention of the U.S. Federal Bureau of Investigation (FBI) in 2022. The FBI announced that BlackCat had successfully attacked more than 60 organizations between November 2021 and March 2022.

BlackCat is believed to be a possible rebranding of the cyberattack group DarkSide, which gained notoriety after breaching the Colonial Pipeline, the largest refined oil pipeline system in the U.S., and it pays cybercriminal affiliates much more than other RaaS operations, according to CIS.

Recently, a BlackCat affiliate admitted to breaching the systems at MGM Resorts. That attack exposed the data of about 10.6 million guests of the resort.

November 1

As of the morning of November 1, Henry Schein's home page was still reflecting the information above. No new information had been posted on the investor page referenced above.

Page 1 of 123
Next Page