Healthcare giant Henry Schein hit twice by BlackCat ransomware

Black cat

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.

Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022.

It first disclosed on October 15 that it had to take some systems offline to contain another cyberattack that impacted its business one day before.

More than a month later, on November 22, the company said that some of its apps and the e-commerce platform were again taken down following another attack claimed by BlackCat ransomware.

“Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers,” it said.

“Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility.”

Today, the company revealed that it has now restored its U.S. e-commerce platform, and it’s expecting that its platforms in Canada and Europe will also be back online shortly.

Across impacted areas, the healthcare services provider is reportedly still receiving orders through alternative channels and shipping to customers.

Henry Schein’s BlackCat breach

The BlackCat ransomware gang added Henry Schein to its dark web leak site, saying it breached the company’s network and allegedly stole 35 terabytes of sensitive data.

According to the cybercrime operation, they re-encrypted the company’s devices after negotiations faltered towards the end of October while Henry Schein was on the verge of restoring its systems.

This would make this month’s incident the third time since October 15 that BlackCat encrypted Henry Schein’s systems after breaching its network.

“Despite ongoing discussions with Henry’s team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network,” the threat actors said.

“As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily.”

BlackCat emerged in November 2021 and is believed to be a rebrand of the infamous DarkSide/BlackMatter gang. Known initially as DarkSide, the gang garnered global attention after hitting Colonial Pipeline, prompting extensive law enforcement probes.

The FBI connected the ransomware group to over 60 breaches affecting organizations globally between November 2021 and March 2022.

A Henry Schein spokesperson has yet to respond to BleepingComputer’s requests for comment regarding the cyberattacks disclosed this month.


Original Source



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.