Henry Schein has confirmed that the BlackCat ransomware attack against its system last year resulted in a data breach. The campaign has compromised over 160,000 people’s personal information.
This affected entity is a Fortune 500 firm that provides healthcare solutions and has operations and affiliates in more than 30 countries. On October 15, the company announced that the cyberattack had forced it to shut down some systems to isolate the malicious operation.
ALPHV ransomware claimed responsibility for the Henry Schein attack.
Henry Schein did not reveal the nature of the attack, but the BlackCat (ALPHV) ransomware gang claimed responsibility and stated that it had successfully stolen 35 TB of critical data. However, a month later, the company announced it had been attacked again by the now-defunct BlackCat ransomware gang.
Additionally, the ransomware gang insisted on encrypting Henry Schein’s network a second time when discussions failed and threatened to encrypt it again if a ransom was not paid. While it is unclear whether the threat actors’ claim is legitimate, they leaked some of the stolen data Henry Schein allegedly owns on their data leak site.
More than a year later, the affected company revealed in a data breach statement that the ransomware group obtained the personal information of approximately 166,000 individuals during these incidents.
The firm assured concerned parties that it already collaborated with a third-party security provider to evaluate possibly affected files and identify information an unauthorised third party received because of the incident.
Still, the investigation into the incident needed significant time and resources, which resulted in its completion in the first half of 2024. The investigation determined that the attackers compromised the personal information stored within the company.
Henry Schein explained that the compromised information may not be affected by the attack since it will depend on the data provided by the user to the company. As of now, these earlier-mentioned details are the only information that the company disclosed publicly.
Therefore, potentially affected individuals should be wary of unsolicited messages, such as phishing attacks, as the threat actors have already published the purported stolen information on their data leak website.