American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.
Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022.
It first disclosed on October 15 that it had to take some systems offline to contain another cyberattack that impacted its business one day before.
More than a month later, on November 22, the company said that some of its apps and the e-commerce platform were again taken down following another attack claimed by BlackCat ransomware.
"Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," it said.
"Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility."
Today, the company revealed that it has now restored its U.S. e-commerce platform, and it's expecting that its platforms in Canada and Europe will also be back online shortly.
Across impacted areas, the healthcare services provider is reportedly still receiving orders through alternative channels and shipping to customers.
Henry Schein's BlackCat breach
The BlackCat ransomware gang added Henry Schein to its dark web leak site, saying it breached the company's network and allegedly stole 35 terabytes of sensitive data.
According to the cybercrime operation, they re-encrypted the company's devices after negotiations faltered towards the end of October while Henry Schein was on the verge of restoring its systems.
This would make this month's incident the third time since October 15 that BlackCat encrypted Henry Schein's systems after breaching its network.
"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said.
"As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily."
BlackCat emerged in November 2021 and is believed to be a rebrand of the infamous DarkSide/BlackMatter gang. Known initially as DarkSide, the gang garnered global attention after hitting Colonial Pipeline, prompting extensive law enforcement probes.
The FBI connected the ransomware group to over 60 breaches affecting organizations globally between November 2021 and March 2022.
A Henry Schein spokesperson has yet to respond to BleepingComputer's requests for comment regarding the cyberattacks disclosed this month.
Comments
NoneRain - 5 months ago
Henry Schein, bite the bullet at this point. Don't pay sh1t. Take that money and start reparations.
Sciophobia - 5 months ago
My company is one of the partners with Henry Schein, they sell some of our products. They never really recovered from this at all. Many technicians from around North America have told me they are taking orders down on paper - including for parts for device repairs. From what I have seen personally when dealing with HSD, they used Trellix (formerly McAfee Enterprise) as their endpoint security. DarkSide obviously did not learn from Colonial Pipeline, as they are putting medical facilities in a position where they cannot schedule patient care because repairs needed are not being done due to this. A real shame.