Healthcare giant Henry Schein reveals data breach after major ransomware attack
US healthcare giant Henry Schein has finally reported ransomware attacks to the US government, almost a year after the incidents occurred.
The company has filed a data breach notification with the Office of the Maine Attorney General, detailing the October 2024 attacks by the now-defunct BlackCat (AKA ALPHV) ransomware operation, which breached its systems and stole 35 TB of stole sensitive company data.
Details about the nature of the stolen files have not been disclosed, so we don’t know if they contain payment information, banking information, or more.
Identity theft
The company reportedly tried to negotiate with the crooks to have the files deleted, but the negotiations failed. This resulted in the second burglary about a month later, by the same threat actor. Afterwards, the crooks began leaking the information stolen during the attack and threatened to encrypt the systems for a third time. We don’t know if that ever happened, as only some of the data is said to have been leaked.
Now Henry Schein confirmed in the data breach notification that the number of affected people is 166,432.
“We can rest assured that upon discovery of the incident, our cybersecurity team immediately took a series of steps, including taking certain systems offline and other steps intended to contain the incident, hiring cybersecurity experts and conducting an investigation to identify and remove any malicious files. and determine which business systems have been affected, and seek to implement measures to strengthen our defenses going forward,” the company said in its announcement.
It now offers affected individuals tools to detect and resolve identity theft through Experian for a period of two years.
Henry Schein is a Fortune 500 company and one of the global leaders in its industry, providing healthcare solutions as well as the distribution of medical, dental and veterinary supplies. It supports healthcare providers and institutions around the world with essential equipment, software and consulting services. It has a presence in 32 countries and annual revenues of $12 billion.
Via BleepingComputer