Incident Report

Henry Schein Victim of Healthcare Attack

By

By

Access Point Consulting

Overview

On October 15, 2023, healthcare giant Henry Schein fell victim to a cyberattack by the BlackCat (ALPHV) ransomware gang. The attack forced the company to take precautionary measures, resulting in temporary disruptions to its manufacturing and distribution businesses. Henry Schein, a Fortune 500 company with operations in 32 countries and revenue exceeding $12 billion in 2022, promptly notified law enforcement authorities and engaged external cybersecurity experts to investigate a potential data breach. The organization's network was compromised through a cyberattack by the BlackCat (ALPHV) ransomware gang. The specific attack method has not yet been disclosed. Initial signs of the incident were detected on October 14, 2023.

The attack significantly affected Henry Schein's operations, particularly in its manufacturing and distribution businesses. While the Henry Schein One practice management software remained unaffected, sensitive data, including payroll information and shareholder data, were compromised. The attackers claimed to have stolen 35 terabytes of data.

Response and Recovery

The company took swift action to contain the ransomware by taking certain systems offline and implementing other precautionary measures.

Henry Schein's incident response plan was activated and proved useful in containing the incident. The company promptly notified stakeholders, including law enforcement authorities, about the attack.
They have not disclosed whether negotiations with the attackers were pursued, or if any ransom was paid. Henry Schein is actively working to restore affected systems and data. The expected downtime and impact on business operations have not been specified.

Recommendations

Executives should prioritize cybersecurity measures to prevent future incidents, including regular security assessments and employee training. Implement and regularly test incident response plans to ensure an effective and swift response in case of a breach. To strengthen security measures and prevent future ransomware attacks, Access Point recommends organizations commit to a comprehensive security overhaul, including but not limited to, regular security audits, employee training, and robust access controls. The lessons learned from this incident should inform future security practices, emphasizing the importance of proactive cybersecurity measures.

The breach by the BlackCat (ALPHV) ransomware gang had a significant impact on Henry Schein's operations and resulted in the compromise of sensitive data. The company's response was prompt and effective, but there is a need for ongoing efforts to strengthen security measures and prevent future incidents. Regular assessments, employee training, and a robust incident response plan will be crucial in safeguarding the organization against future cyber threats.

Resources

Trending Articles & Security Reports

Resources

CyberWatch

November 22, 2024

Patch Updates, New Malware Threats, and the Ongoing Supply Chain Battle

On this episode of the CyberWatch podcast, there are updates to software across the application and OS spectrum. New malicious campaigns are threatening victims of all sizes, and researchers have performed dissections on malware to give defenders new clues about just what it is they're fighting. All this today, in CyberWatch.

Find out more
October 25, 2024

Ransomware, Supply Chain Attacks, and Nation-State Threats

CyberWatch, by Access Point Consulting, is your weekly source for emerging cybersecurity news, regulatory updates, and threat intelligence. Backed by experts in security consulting, regulatory compliance, and security operations, Access Point enables you to manage cyber risks, respond to incidents, and drive innovation in your company. Read here or on our website; listen on Spotify or Apple Podcasts; or watch on YouTube.website; listen on Spotify or Apple Podcasts; or watch on YouTube. .

Find out more
October 7, 2024

VINs and Losses: How Hackers Take Kias for a Ride

In the age of smart cars and connected devices, convenience often comes with hidden risks. A recently discovered critical vulnerability in Kia vehicles serves as a stark reminder of how our increasingly digital world is making cars new targets for cyberattacks. This vulnerability allowed hackers to remotely control various vehicle functions—using nothing more than a car's license plate number. It highlights the growing threat of cyberattacks on connected cars and the importance of cybersecurity in the automotive industry.

Find out more