Healthcare Behemoth Henry Schein Targeted Twice by BlackCat Ransomware

November 27, 2023

Henry Schein, an American healthcare company and a Fortune 500 entity, has been hit twice within a month by the BlackCat/ALPHV ransomware gang. The company, which operates in 32 countries and reported revenues exceeding $12 billion in 2022, first disclosed a cyberattack on October 15, forcing it to take some systems offline. This incident was followed by another attack on November 22, which led to the shutdown of some of its applications and its e-commerce platform. The company stated, 'Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers.' The same threat actor from the previous incident claimed responsibility for this attack.

The company has since restored its U.S. e-commerce platform and anticipates the restoration of its Canadian and European platforms shortly. Despite these disruptions, the company continues to receive orders through alternative channels and fulfill customer shipments. The BlackCat ransomware gang has claimed responsibility for breaching the company's network and allegedly stealing 35 terabytes of sensitive data. The gang re-encrypted the company's devices after negotiations broke down at the end of October, just as Henry Schein was about to restore its systems. This marks the third time since October 15 that BlackCat has encrypted Henry Schein's systems after breaching its network.

The ransomware gang stated, 'Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network. As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily.' BlackCat is believed to be a rebrand of the notorious DarkSide/BlackMatter gang, which gained global attention after targeting the Colonial Pipeline. The FBI has linked this group to over 60 breaches affecting organizations worldwide between November 2021 and March 2022. A spokesperson for Henry Schein has not yet commented on the cyberattacks disclosed this month.

Latest News

Like what you see?

Get a digest of headlines, vulnerabilities, risk context, and more delivered to your inbox.

Subscribe Below

By submitting this form, you’re giving us permission to email you. You may unsubscribe at any time.

Accelerate Security Teams

Continuously identify and prioritize the risks that are most critical in your environment, and validate that your remediation efforts are reducing risk. An always-on single source-of-truth of your assets, services, and vulnerabilities.