Healthcare Giant Henry Schein Falls Victim to BlackCat Ransomware Gang's Massive Data Breach

Healthcare giant Henry Schein has fallen victim to a cyberattack by the BlackCat (ALPHV) ransomware gang, who claim to have breached the company's network and stolen 35 terabytes of sensitive data. The haul includes payroll information and shareholder data, posing a significant security risk for the Fortune 500 company. The cyberattack, which forced Henry Schein to take certain systems offline, disrupted some of its manufacturing and distribution operations. The company acted swiftly, notifying law enforcement and engaging external cybersecurity experts to investigate the incident.

Although Henry Schein stated that its Henry Schein One practice management software remained unaffected, the breach highlights the persistent threat ransomware gangs pose to critical infrastructure and sensitive data. In response to the breach, the healthcare solutions provider urged customers to place orders through their representatives or dedicated telesales numbers.

The BlackCat/ALPHV ransomware group escalated the situation by publishing the breach on its dark web leak site. They claim to have encrypted the company's devices again after negotiations with Henry Schein failed. The threat actors expressed dissatisfaction with the company's commitment to security and announced their intention to release more stolen data daily.

The BlackCat gang emerged in November 2021 and is believed to be a rebrand of the notorious DarkSide/BlackMatter group. DarkSide gained global notoriety for its attack on Colonial Pipeline, prompting international law enforcement investigations. In April 2022, the FBI linked the group to successful attacks on over 60 organizations worldwide between November 2021 and March 2022.

Henry Schein's response to this breach underscores the ongoing challenges organizations face in defending against ransomware attacks, emphasizing the critical importance of robust cybersecurity measures in today's digital landscape. Jess Parnell, VP of Security Operations at Centripetal, shared valuable insights on the incident: "Bad actors are probing and doing reconnaissance constantly to see what can or can’t get through the network. And they are quickly changing their tactics to increase their success rate. That’s why organizations run out of human runway quickly and it’s why their infrastructure is quickly overloaded. Even with all the spending on cybersecurity that we see, the only thing that organizations know for sure is that their exposure to cyber risk is only going up and up and up. Companies must implement ongoing patch management and deploy proactive cybersecurity solutions to protect their valuable assets. Infrastructure is exploited faster than IT can patch, so active defenses can buy you time."
