On October 15, Henry Schein, Inc. disclosed a breach:
On Saturday, October 14, Henry Schein, Inc. (Nasdaq: HSIC) determined that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident. Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations. The Company is working to resolve the situation as soon as possible.
Read more of their original notice on their website. AlphV (BlackCat) later claimed responsibility for the attack.
On November 13, Henry Schein issued an update on the scope of the breach. As MedTechDive reported:
- In a letter to its customers, the company disclosed on Monday that a data breach occurred, but “we do not have all the details of what data may have been compromised.” Customer bank accounts and credit card numbers may have been affected. Henry Shein also issued a letter to its suppliers, writing that the company is “aware that the bank account information for a limited number of suppliers was misused.”
- CEO Stanley Bergman told investors on a Monday earnings call that the company is working to bring its e-commerce platform back online this week, and that the incident primarily affected its dental and medical distribution operations in North America and Europe.
But the situation had deteriorated from the first attack instead of things improving. AlphV posted an update about negotiations breaking down, and BlackCat re-encrypting them.
Then, on November 22, Henry Schein posted another notice on its homepage:
Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers. The Company is in the process of securely restoring these applications.
Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility.
The following day, it provided another update:
Henry Schein would like to provide a further update on the cybersecurity incident following the communication we provided on November 22.
The Company quickly identified the cause of the disruption and is leveraging the prior work we did to restore our systems. As a result, we believe that the disruption to our ecommerce platform and certain other applications will be short term.
The Company is in the process of securely restoring the ecommerce platform and these other applications.
In the meantime, the Company continues to take orders using alternate means and continues to ship to its customers.
Its most recent update (November 26) states:
Henry Schein would like to provide a further update on the cybersecurity incident following the communications we provided on November 22 and 23.
We expect our U.S. ecommerce platform and certain other applications to be restored in the next few days, and possibly as early as Monday. Our ecommerce platform and other applications in Canada and Europe are expected to follow shortly thereafter.
Related: Henry Schein Inc. SEC Filings Concerning the Security Incident:
Ordering was working after November 14th
And then it wasn’t again, according to Schein’s subsequent updates.
Credit card info was compromised in this breach.