Healthcare solutions giant Henry Schein is once again restoring systems after a ransomware group that targeted the company claimed it re-encrypted files when negotiations stalled.
Henry Schein revealed on October 15 that its manufacturing and distribution businesses had been hit by a cyberattack, which caused disruption to operations.
Roughly two weeks later, the ransomware group known as Alphv and BlackCat took credit for the attack, claiming to have encrypted files on the company’s systems and stolen 35 Tb of sensitive data.
Henry Schein’s investigation confirmed that a data breach occurred and that the attackers may have stolen sensitive customer and supplier information, including personal information, bank account numbers, and payment card numbers.
The cybercrime group claimed in early November that negotiations had stalled and that it had decided to re-encrypt files just as the company had nearly finished restoring systems.
In an update shared on November 22, Henry Schein informed customers that its applications, including its ecommerce platform, had become unavailable as a result of actions conducted by the same threat actor.
At the time of writing, Henry Schein is no longer listed on the BlackCat leak website, which could indicate that negotiations have been resumed and possibly that a ransom has been paid.
Headquartered in Melville, New York, Henry Schein provides business, clinical, supply chain and technology solutions to dental and other medical organizations. The company has 23,000 employees and its solutions are used by more than one million customers globally.