Connect with us

Hi, what are you looking for?



Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption

Healthcare solutions giant Henry Schein is once again restoring systems after ransomware group claims it re-encrypted files.

Healthcare solutions giant Henry Schein is once again restoring systems after a ransomware group that targeted the company claimed it re-encrypted files when negotiations stalled. 

Henry Schein revealed on October 15 that its manufacturing and distribution businesses had been hit by a cyberattack, which caused disruption to operations. 

Roughly two weeks later, the ransomware group known as Alphv and BlackCat took credit for the attack, claiming to have encrypted files on the company’s systems and stolen 35 Tb of sensitive data.  

Henry Schein’s investigation confirmed that a data breach occurred and that the attackers may have stolen sensitive customer and supplier information, including personal information, bank account numbers, and payment card numbers. 

The cybercrime group claimed in early November that negotiations had stalled and that it had decided to re-encrypt files just as the company had nearly finished restoring systems.

In an update shared on November 22, Henry Schein informed customers that its applications, including its ecommerce platform, had become unavailable as a result of actions conducted by the same threat actor. 

However, the company said it expected disruptions to be short term, with the latest update, from November 26, informing customers that systems should be restored shortly.

At the time of writing, Henry Schein is no longer listed on the BlackCat leak website, which could indicate that negotiations have been resumed and possibly that a ransom has been paid.

Advertisement. Scroll to continue reading.

Headquartered in Melville, New York, Henry Schein provides business, clinical, supply chain and technology solutions to dental and other medical organizations. The company has 23,000 employees and its solutions are used by more than one million customers globally.

Related: Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs

Related: Medical Company Fined $450,000 by New York AG Over Data Breach

Related: Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.