The cybersecurity incident that caused a one-month pause of most operations at Henry Schein has led to the dental distributor's noncompliance with the Nasdaq Stock Market listing requirements, according to a company press release dated November 16.
Henry Schein expected the notice because it did not file its quarterly report, which is required by Nasdaq and the U.S. Securities and Exchange Commission (SEC), in a timely manner. The company notified the SEC that limited access to information, which was due to it having to take certain systems offline following an October 14 cyberstrike, prevented it from filing the report by the November 14 deadline.
The business has 60 days to file its report with the SEC, but it expects to do so by the end of November, according to the release.
On November 13, Schein informed customers and suppliers in the U.S. that the cyberstrike may have exposed their sensitive data, including bank account and credit card numbers, to third parties. Schein encouraged both groups to be vigilant about changing passwords and monitor their accounts for suspicious activity. This week, Schein's e-commerce site and distribution businesses were fully operational.
Also, Henry Schein announced that the cyberattack is expected to hurt its sales for 2023. The company’s full-year 2023 sales are expected to be approximately 1% to 3% lower than its total sales in 2022.
On November 2, the ransomware squad BlackCat, also known as ALPHV, claimed on a leak site on the dark web that it had breached Henry Schein’s network and looted 35TB of sensitive data, which included payroll and shareholder information. The crew had threatened to dump the stolen data. Additionally, the gang, a ransomware as a service organization, alleged that its negotiations with the company had failed, so it re-encrypted the healthcare giant’s devices again just as Henry Schein was close to restoring its systems.