History Repeats Itself as Henry Schein Restores Systems Yet Again


It’s easy to miss the cybersecurity threats and attacks happening almost everywhere. At PK Tech, our goal is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware, without being afraid, of the cybersecurity threats that pose a real risk to your business. PK Tech aims to be a leading educator and support resource in the world of cybersecurity.

This month, we’re highlighting healthcare solutions giant Henry Schein after a ransomware group re-encrypted its files – it’s not the first time this has happened (reference). Yikes!

What happened, what was the fallout, and why should you care? 

We’re covering it all here. Let’s dive in.

What the “Hack” Happened?

Henry Schein has 23,000 employees and serves roughly one million customers globally, providing business, clinical, supply chain, and technology solutions to medical and dental organizations. 

The initial attack on October 15 caused disruptions to operations in Henry Schein’s manufacturing and distribution businesses. The ransomware groups to blame, Alphv and BlackCat, claimed to have encrypted files on the company’s systems and stolen 35 Tb of sensitive data. Stolen sensitive data included personal information, bank account numbers, and payment card numbers.

The Fallout

Following initial demands by the ransomware group, negotiations stalled in early November, prompting the cybercrime group to re-encrypt Henry Schein’s files. This turn of events took place just as Henry Schein had almost completely restored its systems.

After the re-encryption took place, Henry Schein released a statement informing customers that its applications had become unavailable. Its ecommerce platform was temporarily inaccessible due to the cybercrime group’s actions.

Lessons Learned #ITCouldHaveBeenWorse

Despite the scale of the ransomware attack, Henry Schein reported they expected disruptions to be short-term. 

While Henry Schein clearly underestimated the gravity of the attack and the effects of stalling negotiations, the fallout wasn’t much worse than minor disruptions for an extended period. They’re lucky in that regard. 

From this attack, we learn the importance of promptly addressing the fallout of ransomware attacks. Cybercrime groups typically have control following an attack, with access to sensitive data. While it is wise to hold off paying a ransom without a plan in place, organizations should act swiftly in negotiations and seek professional help as needed.

Currently, the BlackCat leak website no longer lists Henry Schein, indicating that either they paid a ransom or negotiations have resumed. Either outcome deserves our favorite line…#ITCouldBeWorse.