DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Henry Schein re-encrypted by BlackCat again

Posted on November 26, 2023 by Dissent

On October 15, Henry Schein, Inc. disclosed a breach:

On Saturday, October 14, Henry Schein, Inc. (Nasdaq: HSIC) determined that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations. The Company is working to resolve the situation as soon as possible.

Read more of their original notice on their website.  AlphV (BlackCat) later claimed responsibility for the attack.

On November 13, Henry Schein issued an update on the scope of the breach. As MedTechDive reported:

  • In a letter to its customers, the company disclosed on Monday that a data breach occurred, but “we do not have all the details of what data may have been compromised.” Customer bank accounts and credit card numbers may have been affected. Henry Shein also issued a letter to its suppliers, writing that the company is “aware that the bank account information for a limited number of suppliers was misused.”
  • CEO Stanley Bergman told investors on a Monday earnings call that the company is working to bring its e-commerce platform back online this week, and that the incident primarily affected its dental and medical distribution operations in North America and Europe.

But the situation had deteriorated from the first attack instead of things improving. AlphV posted an update about negotiations breaking down,  and BlackCat re-encrypting them.

Then, on November 22, Henry Schein posted another notice on its homepage:

Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers. The Company is in the process of securely restoring these applications.

Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility.

The following day, it provided another update:

Henry Schein would like to provide a further update on the cybersecurity incident following the communication we provided on November 22.

The Company quickly identified the cause of the disruption and is leveraging the prior work we did to restore our systems. As a result, we believe that the disruption to our ecommerce platform and certain other applications will be short term.

The Company is in the process of securely restoring the ecommerce platform and these other applications.

In the meantime, the Company continues to take orders using alternate means and continues to ship to its customers.

Its most recent update (November 26) states:

Henry Schein would like to provide a further update on the cybersecurity incident following the communications we provided on November 22 and 23.

We expect our U.S. ecommerce platform and certain other applications to be restored in the next few days, and possibly as early as Monday. Our ecommerce platform and other applications in Canada and Europe are expected to follow shortly thereafter.

 Related:  Henry Schein Inc.  SEC Filings Concerning the Security Incident:

Cautionary Note Regarding Forward-looking Statements
11/26/23: Update on Cybersecurity Incident
11/23/23: Update on Cybersecurity Incident
11/22/23: Update on Cybersecurity Incident
11/13/23: Notice sent to United States customers on November 13, 2023
11/13/23: Notice sent to United States suppliers on November 13, 2023
11/2/23: Press Release | Henry Schein to Webcast Third Quarter 2023 Conference Call and Provide an Update on Its Full-Year 2023 Guidance on Monday, November 13, 2023 at 10:00 a.m. ET
11/2/23: Henry Schein, Inc. Form 12b-25 Notification of Late Filing
10/24/23: Henry Schein, Inc. 8-K: Item 7.01
10/24/23: Customer Letter | Henry Schein Order Processing
10/15/23: Press Release | Henry Schein Provides Information on Cybersecurity Incident
Category: Business SectorHackU.S.

Post navigation

← Europe’s grid is under a cyberattack deluge, industry warns
DHS/CISA and UK NCSC Release Joint Guidelines for Secure AI System Development →

3 thoughts on “Henry Schein re-encrypted by BlackCat again”

  1. Anonymous says:
    November 26, 2023 at 9:26 pm

    Ordering was working after November 14th

    1. Dissent says:
      November 27, 2023 at 6:30 am

      And then it wasn’t again, according to Schein’s subsequent updates.

  2. LG says:
    November 27, 2023 at 11:58 am

    Credit card info was compromised in this breach.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Chinese Hackers Hit Drone Sector in Supply Chain Attacks
  • Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom
  • $28 million in Texas’ cybersecurity funding for schools left unspent
  • Cybersecurity incident at Central Point School District 6
  • Official Indiana .gov email addresses are phishing residents
  • Turkish Group Hacks Zero-Day Flaw to Spy on Kurdish Forces
  • Cyberattacks on Long Island Schools Highlight Growing Threat
  • Dior faces scrutiny, fine in Korea for insufficient data breach reporting; data of wealthy clients in China, South Korea stolen
  • Administrator Of Online Criminal Marketplace Extradited From Kosovo To The United States
  • Twilio denies breach following leak of alleged Steam 2FA codes

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • South Korea fines Temu for data protection violations
  • The BR Privacy & Security Download: May 2025
  • License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows
  • FTC dismisses privacy concerns in Google breakup
  • ARC sells airline ticket records to ICE and others
  • Clothing Retailer, Todd Snyder, Inc., Settles CPPA Allegations Regarding California Consumer Privacy Act Violations
  • US Customs and Border Protection Plans to Photograph Everyone Exiting the US by Car

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.