Henry Schein has lastly disclosed a data breach following a minimum of two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 individuals had their private info stolen.
Henry Schein is a healthcare options supplier and a Fortune 500 firm with operations and associates in 32 nations and income of over $12 billion in 2022.
On October 15, the corporate disclosed that it was pressured to take some techniques offline to comprise a cyberattack that impacted manufacturing and distribution operations.
Whereas Henry Schein didn’t disclose the character of the assault, the BlackCat (ALPHV) ransomware gang claimed accountability, stating that they stole 35 TB of delicate recordsdata.
Virtually a month later, on November 22, the corporate as soon as once more disclosed that it suffered one other assault, once more by the now shut down BlackCat ransomware gang.
The ransomware gang claimed to have encrypted Henry Schein’s community a second time after negotiations failed and threatened to encrypt it a 3rd time if a ransom was not paid.
Whereas it’s unknown if the risk actors adopted via with one other assault, they launched a few of the knowledge stolen from Henry Schein on their knowledge leak web site.
Now, over a 12 months later, Schein has confirmed in a data breach notification to the Maine Legal professional Basic that the ransomware gang stole the non-public knowledge of 166,432 individuals throughout these assaults.
“Following the incident, the Firm labored with an out of doors skilled agency to evaluate probably affected recordsdata to be able to establish info that was obtained by the unauthorized third-party as a part of the incident,” reads Henry Schein’s data breach notification.
“This evaluate required substantial time and sources and progressed through the first half of 2024.”
“The investigation not too long ago decided that your private info was affected as a part of the incident, together with your [Extra2]. It’s doable that different delicate details about you was additionally impacted, which can depend upon what info was beforehand supplied to the Firm about you.”
BleepingComputer contacted Henry Schein to ask what sort of information was stolen within the assault however didn’t obtain a response.
The corporate is now providing impacted customers a free 24-month membership to Experian’s IdentityWorksSM to assist monitor credit score historical past and detect indicators of fraud.
