The BlackCat ransomware crew took responsibility for the cyberattack against Henry Schein, claiming it took dozens of terabytes (TB) of data, including shareholder information and payroll data, according to a story published on November 2 in Bleeping Computer.
The dental and medical distributor, which boasted more than $12 billion in revenue in 2022, announced on October 15 that its manufacturing and distribution business was hit with a cybersecurity incident a day earlier that forced the company to take some of its systems offline. Henry Schein’s business operations have been paralyzed since the attack.
Recently, BlackCat, also known as ALPHV, claimed on the dark web that it breached Henry Schein’s network and pilfered 35TB of sensitive data (1TB is equal to about 200,000 five-minute songs). Additionally, the gang alleged that its negotiations with the company had broken down, so it re-encrypted the healthcare giant’s devices just as Henry Schein was close to restoring its systems, according to the story.
In a now-deleted dark web entry, the ransomware squad wrote, “Despite ongoing discussions with Henry’s team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network,” according to the story.
“(Furthermore,) as of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily.”
However, the deletion of the post may be an indication that negotiations between the groups have been reignited or that Henry Schein has paid the ransom, according to the story.
Since its announcement about the attack, Henry Schein has been quiet on the issue. As of the publication of this story, Henry Schein representatives could not be reached for comment.
As of this reporting, Schein’s website remained disabled. Those interested in placing orders with the company are encouraged to contact a representative or telesales, according to Henry Schein’s website. Henry Schein One, the company’s practice management software site, was not affected by the security breach. As of this reporting, the software site remained live.
BlackCat is a ransomware-as-a-service (RaaS) organization that surfaced in 2021, and it has since made a name for itself, even catching the attention of the U.S. Federal Bureau of Investigation (FBI) in 2022. The FBI announced that BlackCat had successfully attacked more than 60 organizations between November 2021 and March 2022.
In several ways, BlackCat is unique compared to other cybercrime gangs, according to the Center for Internet Security (CIS). According to CIS, BlackCat is believed to be a possible rebranding of the cyberattack group DarkSide, which gained notoriety after breaching the Colonial Pipeline, the largest refined oil pipeline system in the U.S. It also pays cybercriminal affiliates much more than other RaaS operations do.
Recently, a BlackCat affiliate admitted to breaching the systems at MGM Resorts. That attack exposed the data of about 10.6 million guests of the resort.