BlackCat/ALPHV Ransomware’s Massive Data Breach at Henry Schein Healthcare

The BlackCat/ALPHV ransomware group attacked Henry Schein, a large global distributor of healthcare resources. The company is actively discussing how to remedy the security issue following the data breach.

Listed as a Fortune 500 firm, Henry Schein is a prominent provider of healthcare solutions. The firm, which provides healthcare equipment and technology solutions, employs more than 23,000 people worldwide and serves more than one million customers. Through its affiliates, the corporation operates in 32 countries, and it generated sales of over $12 billion in 2022.

The Russian-linked BlackCat ransomware group claims to have stolen 34 terabytes of sensitive information from the New York-based company. The group has threatened to release this information unless its ransom demands are met.

BlackCat/ALPHV now claims that negotiations have reached a deadlock and that it has re-encrypted the company’s network systems. This move essentially undid the progress Henry Schein had made in restoring its systems.

Following these events, the corporation issued a press release on October 15th formally acknowledging a “cybersecurity incident,” even though it is still facing website and operational challenges.

According to Henry Schein Healthcare:

Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations. The Company is working to resolve the situation as soon as possible.

Henry Schein quickly reported the incident to the relevant law enforcement agencies. After the intrusion, the healthcare services business hired external cybersecurity and forensics experts to investigate whether it had resulted in a data breach.

This healthcare services firm sent out a letter a week after disclosing the data breach, advising clients to place orders through their Henry Schein representative or specialised telesales phone numbers.

Uncovering the BlackCat/ALPHV Claim on Henry Schein Data Breach

BlackCat/ALPHV first reported the claimed attack on its dark web site one week ago. The group accompanied this disclosure with a detailed letter summarising the attack and the challenges it was having in its talks with the corporation.

The group specifically confronted the external experts, pointing to what it claimed was a lack of dedication from Henry Schein’s management team. These experts included Coveware, a ransomware recovery company that Henry Schein had hired.

According to BlackCat:

We were in contact with Henry’s negotiators named Coveware Company, Lizzie and her colleagues. It seems like they are sticking to their position of buying more time, as they have been from the beginning. Last week, we warned them that if they continued this behavior, we would take action, and we did. While Henry was almost finished restoring everything, we encrypted their systems again, causing Coveware’s client to lose an additional two weeks of business.

It appears that Henry Schein is no longer listed on BlackCat’s data leak website, which raises the possibility that the company may resume negotiations or agree to pay the ransom demands.

The ransomware-as-a-service (RaaS) organisation BlackCat/ALPHV appeared in the criminal landscape in 2021. The group quickly built a reputation and had gained the attention of the US Federal Bureau of Investigation (FBI) by 2022.

The FBI revealed that BlackCat was able to successfully conduct cyberattacks on more than 60 organisations between November 2021 and March 2022. This was an unexpected disclosure.

Recently, a BlackCat affiliate known as Scattered Spider took responsibility for the MGM Resorts breach. They allegedly encrypted more than 100 ESXi hypervisors after MGM Resorts refused to negotiate a ransom and shut down its internal infrastructure.

BlackCat is different from other cybercrime gangs, according to the Centre for Internet Security (CIS). Many believe it’s a rebrand of DarkSide, the group that breached the Colonial Pipeline.

Companies must prioritise keeping their cybersecurity solutions continually updated and systematically deployed to protect their valued resources. Cybercriminals often exploit infrastructure vulnerabilities faster than IT teams can update the affected systems. As a result, employing active defence systems can effectively buy you valuable time to respond to developing threats.
