The American medical giant Henry Schein has fallen victim to a series of cyber-attacks by the Alphv/BlackCat extortion gang. This attack comes after the company’s network was first hacked in mid-October.
Henry Schein is a major supplier of medical products and services, and is part of the Fortune 500 list. With operations in 32 countries and reported income of over $12 billion in 2022, it is a significant player in the industry.
The company first disclosed the attack on 15 October when it shut down several systems to prevent further spread of malicious software. Less than a month later, on 13 November, Henry Schein reported that customer data, including bank account numbers and credit card information, may have been stolen as a result of the October attack.
On 22 November, the company announced that some applications and its electronic commerce platform were again taken offline due to a new attack, attributed to the BlackCat group.
Today, Henry Schein has restored its trading platform in the USA and expects a quick recovery for platforms in Canada and Europe. The company has been able to continue receiving orders through alternative channels in the affected areas, mitigating significant disruptions to its business operations.
The BlackCat group has added Henry Schein to its Darknet leakage website, claiming to have hacked the company’s network and stolen 35 terabytes of confidential data. The cybercriminals allege that despite ongoing negotiations, Henry Schein has not prioritized the safety of its customers, partners, employees, or its own network.
“As of today’s midnight, part of the internal data on wages and shareholder folders will be published on our blog. We will continue to release more data daily,” concluded the cybercriminals.
The Alphv/BlackCat group, which emerged in November 2021, is believed to be a renamed version of the notorious Darkside/BlackMatter group. Darkside gained global attention after the attack on Colonial Pipeline, leading to extensive investigations by law enforcement agencies. The FBI has linked this group to over 60 cyber-attacks on organizations worldwide between November 2021 and March 2022.