Henry Schein says October data breach compromised customers' financial information

Henry Schein, a leading U.S. healthcare solutions provider, said the data breach it suffered in November involved cyber criminals accessing the sensitive financial information of its suppliers and customers.

In a security incident notice posted on its website, Henry Schein said it identified a cyber security incident on October 14 that affected portions of its manufacturing and distribution businesses.

The healthcare solutions provider said it immediately launched an investigation with assistance from third party cyber security experts to understand the nature and scope of the incident. It also took precautionary action including taking parts of its internal network offline to limit the spread of the malware, which led to temporary disruption of some business operations.

Recently, Cybernews reported that on November 13, the company sent out notices to both customers and suppliers to share the details of an investigation it conducted following the cyber security incident.

“Henry Schein is now aware that a data breach has occurred. Customer and personal identifiable information [PII] such as bank account numbers, credit card numbers, and other sensitive information may have been exposed to third parties,” Henry Schein said in its letter.

The company added that there is a possibility that the compromised financial information has been misused by threat actors. It has asked all affected parties to remain vigilant and change the passwords of their bank and credit card accounts and review recent transactions for any suspicious activity.

The notorious BlackCat/ALPHV ransomware group claimed responsibility for launching the cyber attack on the healthcare provider’ systems and listed the company as a victim on its data leak site. The group claims to be in possession of around 35 terabytes of stolen data and says it gave Henry Schein a deadline of November 3 to pay a ransom.

“Despite ongoing discussions with Henry’s team, we have not received any indication of their willingness to prioritise the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.

“As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily,” the group added.

In September, the ALPHV/BlackCat ransomware group also claimed responsibility for a major cyber attack on MGM Resorts International which put 31 MGM property websites and the company’s mobile rewards app out of action.

“All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation,” the group posted.