The latest we know about the Henry Schein cybersecurity incident

Cyberattack Hacker

Here is the latest update about the cybersecurity incident that was first reported by Henry Schein to the general public via a press release that the company issued on October 15.

According to the release, on October 14, Henry Schein “determined that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations.” The release went on to state that the company was “working to resolve the situation as soon as possible.”

On October 19, SecurityWeek.com posted an article that included this note, “SecurityWeek has checked the leak websites of several major ransomware groups, but has found no mention of Henry Schein at the time of writing.”

When contacted on October 25 for updates or further information about the incident, Ann Marie Gothard, vice president of global corporate media relations, referred DrBicuspid.com to the investor relations page of the Henry Schein website, which contains the original release.

Upon visiting the HenrySchein.com website on October 26, a message displayed on the homepage reminds customers that the company is “taking orders and shipping products.” The next paragraph states, “All orders for consumables and small equipment including diagnostics, RX products (other than controlled substances), and hazardous materials are being taken and fulfilled from all major distribution centers, with orders generally expected to ship within one or two business days.”

Further down on the homepage, the note informs readers that Henry Schein One was not impacted by the incident. In the original press release, Schein stated, “Henry Schein has determined that the practice management software used by its clients has not been disrupted.”

We will continue to monitor the situation and provide updates with the latest information available from Henry Schein on this cybersecurity incident.

December 13

Cybercriminals that hit Henry Schein not only may have accessed the personal data of about 29,000 people, but the ransomware gang infiltrated the company’s network for more than two weeks before it was discovered, according to a data breach notification.

The cyberstrike occurred on September 27, but Henry Schein did not discover it until October 14, according to a notification from the Office of the Maine Attorney General. A day later, the dental distributor notified the public of the cybersecurity incident and that it was taking most of its systems offline.

Furthermore, the ransomware gang BlackCat may have stolen data, including names or other personal identifiers in combination with financial account numbers, credit/debit card numbers, as well as security codes and passwords, from 29,112 people. Of those potential victims, 38 are residents of Maine, according to the notification.

November 27

For the second time in about 40 days, the BlackCat ransomware gang claimed to have hit Henry Schein with another cyberattack that disabled some of its applications for a few days and has shut down its e-commerce sites in Canada and Europe.

On November 27, the dental distributor announced that its e-commerce site in the U.S. had been restored following six days of unavailability. Its e-commerce sites in Canada and Europe “are expected to follow shortly,” according to a company press release dated November 27. Schein representatives referred DrBicuspid back to its website for comments.

November 14 

Henry Schein informed customers and suppliers in the U.S. on November 13 that the cyber strike that kept its operations incapacitated for about a month may have exposed sensitive data, including bank account and credit card numbers to third parties.

As a precaution, consumers and suppliers are encouraged to change bank and credit card account passwords, review their accounts for suspicious activity, and enhance account transaction authorizations. Additionally, free credit monitoring and identity protection services will be provided, where applicable, to those affected by any data breach, according to the letters.

November 13

A week-plus after a notorious ransomware gang claimed to have stolen dozens of terabytes (TB) of data and threatened to dump the pilfered data, including shareholder information, Henry Schein announced on November 13 that it's close to recovering from the breach.

The dental and medical company’s distribution businesses are operational, and it will initiate the reactivation of its e-commerce platform early this week, Stanley Bergman, Henry Schein’s board chairman and CEO, said in a press release dated November 13.

“The company has contained the incident, restored most of the business-critical systems it proactively took offline in response to the situation and is making significant progress towards resuming normal-course operations,” according to the press release.

Furthermore, Henry Schein expects to file an insurance claim in 2024 related to the ransomware attack. Although final resolution is subject to insurer approval, the company expects the claim to be covered under its cyber insurance policy.

November 3

The BlackCat ransomware crew has taken responsibility for the cyberattack, claiming it took dozens of terabytes (TB) of data, including shareholder information and payroll data, according to a story published on November 2 in Bleeping Computer.

BlackCat is a ransomware as a service (RaaS) organization that surfaced in 2021, but it has made a name for itself and even caught the attention of the U.S. Federal Bureau of Investigation (FBI) in 2022. The FBI announced that BlackCat had successfully attacked more than 60 organizations between November 2021 and March 2022.

BlackCat is believed to be a possible rebranding of the cyberattack group DarkSide, which gained notoriety after breaching the Colonial Pipeline, the largest refined oil pipeline system in the U.S., and it pays cybercriminal affiliates much more than other RaaS operations, according to CIS.

Recently, a BlackCat affiliate admitted to breaching the systems at MGM Resorts. That attack exposed the data of about 10.6 million guests of the resort.

November 1

As of the morning of November 1, Henry Schein's home page was still reflecting the information above. No new information had been posted on the investor page referenced above.

Page 1 of 148
Next Page