Henry Schein
Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries, with approximately $12 billion in revenue reported in 2022.
It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat.
On November 22, more than a month later, the company announced that parts of its apps and the e-commerce platform had once more been taken down due to another attack that was attributed to the BlackCat ransomware.
"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," the announcement said.
"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."
Today, the company released a statement, noting that it has restored its U.S. e-commerce platform and that it is expecting its platforms in Canada and Europe to be back online shortly.
The healthcare services company is apparently still taking orders through alternate methods and distributing them to customers in the affected areas.
Henry Schein’s BlackCat Breach
Following the breach, the ransomware gang BlackCat added Henry Schein to its dark web leak forum, taking responsibility for breaching the company’s network. BlackCat notes that it has stolen 35 terabytes of the company’s crucial data.
The cybercrime organization claims that they re-encrypted the company's devices while Henry Schein was about to restore its systems, following a breakdown in negotiations toward the end of October.
This would make the event this month the third time that BlackCat has compromised Henry Schein's network and encrypted its computers after doing so on October 15.
"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.
The ransomware group further warned of releasing their internal payroll data and shareholder folders to their collective blog by midnight.
Initially discovered in November 2021, BlackCat is believed to have rebranded itself from the popular DarkSide/BlackMatter gang. DarkSide has earlier gained global recognition by initiating attacks on Colonial Pipelines, prompting extensive law enforcement probes.
Moreover, the FBI has linked the ransomware group to over 60 breaches, between November 2021 and March 2022, affecting companies globally.
