The BlackCat (ALPHV) ransomware gang claims it breached the community of healthcare big Henry Schein and stole dozens of terabytes of information, together with payroll knowledge and shareholder info.
Henry Schein is a healthcare options supplier and a Fortune 500 firm with operations and associates in 32 nations and income of over $12 billion in 2022.
The corporate disclosed on October 15 that it was pressured to take some techniques offline to include a cyberattack that impacted its manufacturing and distribution companies at some point earlier than.
“Henry Schein promptly took precautionary motion, together with taking sure techniques offline and different steps meant to include the incident, which has led to short-term disruption of a few of Henry Schein’s enterprise operations. The Firm is working to resolve the state of affairs as quickly as attainable,” it stated.
Whereas a few of its enterprise operations have been disrupted, the corporate says its Henry Schein One apply administration software program has not been impacted.
Henry Schein notified related legislation enforcement authorities of the incident and has since employed exterior cybersecurity and forensics specialists to analyze a possible knowledge breach stemming from the assault.
In a letter revealed one week after disclosing the cyberattack, the healthcare providers supplier urged clients to position orders via their Henry Schein consultant or utilizing devoted telesales cellphone numbers.
A Henry Schein spokesperson was not instantly accessible for remark when contacted by BleepingComputer earlier right now.
BlackCat claims Henry Schein breach
Nearly two weeks later, the BlackCat/ALPHV ransomware group has added Henry Schein to its darkish net leak web site, claiming that they breached the corporate’s community and stole 35 TB of delicate information.
The gang claims they encrypted the corporate’s gadgets once more simply as Henry Schein nearly completed restoring all its techniques as a result of ongoing negotiations failed.
“Regardless of ongoing discussions with Henry’s staff, we have now not acquired any indication of their willingness to prioritize the safety of their purchasers, companions, and workers, not to mention defend their very own community,” the menace actors stated.
“As of midnight right now, a portion of their inside payroll knowledge and shareholder folders shall be revealed on our collections weblog. We’ll proceed to launch extra knowledge each day.”
Henry Schein’s entry on BlackCat’s knowledge leak web site has since been deleted, hinting on the firm restarting negotiations or paying the ransom.
The BlackCat ransomware operation surfaced in November 2021 and is suspected to be a rebrand of the infamous DarkSide/BlackMatter group.
Initially generally known as DarkSide, the cybercrime gang drew world consideration after infiltrating Colonial Pipeline, prompting legislation enforcement investigations worldwide.
Extra lately, a BlackCat affiliate tracked as Scattered Spider claimed duty for the MGM Resorts breach, allegedly encrypting over 100 ESXi hypervisors after MGM Resorts refused ransom negotiations and shut down its inside infrastructure.
In April 2022, the FBI linked the group to profitable assaults on greater than 60 organizations worldwide between November 2021 and March 2022.
H/TÂ Dominic Alvieri
