Massive Data Breach Hits Henry Schein, Bank Account Details Leaked

Henry Schein, the world’s largest distributor of medical goods, has officially confirmed that the security incident that transpired last month culminated in a comprehensive data breach.

In notifications to clients and suppliers dated November 13, it was revealed that malefactors accessed sensitive information, including bank account details and credit card data. Likely, other valuable information was also compromised.

“Henry Schein is now aware that a data breach has occurred. We do not have all the details of what data may have been compromised. Customer and personal identifiable information, such as bank account numbers, credit card numbers, and other sensitive information, may have been exposed to third parties.”

Victims are advised to urgently change their bank account passwords, enhance transaction security, and review recent account debits. Suppliers are also recommended to temporarily block corporate accounts.

The attack, for which the BlackCat/ALPHV ransomware group claimed responsibility, disrupted the company’s website operations and impacted some of its manufacturing and logistics processes. Consequently, the IT department had to disable several key computer systems.

Clients complained about having to place orders via telephone rather than online. The incident severely affected the logistical chains, impacting the organization’s profits.

Henry Schein’s systems were compromised in mid-October, but this only became public knowledge by the end of the month. At that time, the hackers claimed to have stolen 35 terabytes of sensitive data and threatened to publish it on their site by November 3. In one of the group’s statements, it was also mentioned that they had obtained information on employee salaries and shareholder documents, which at that point was unverifiable.

On November 2, the extortionists announced in their blog that they had re-encrypted the company’s systems, apparently due to a breakdown in negotiations.

A few days later, Henry Schein disappeared from the ALPHV/BlackCat leak site, leading to speculations that the company had acquiesced and paid the ransom. Nonetheless, representatives continued to describe the event as a mere “cyber incident” and refused to acknowledge the leak until recently.

The investigation of the incident continues with the involvement of external experts and law enforcement agencies. The company promises to send all affected parties forms for a complimentary subscription to credit monitoring and personal data protection services.