Henry Schein Hit Again by Same Ransomware Group - Modern Distribution Management

Log In

Henry Schein Hit Again by Same Ransomware Group

The same bad actor re-encrypted previously stolen sensitive information, apparently just as the distributor had recovered from the initial breach.
Stuttgart, Germany - 07-02-2023: Cellphone with logo of American healthcare products company Henry Schein Inc. on screen in front of website. Focus on left of phone display.

It appears that Henry Schein was forced to spend Thanksgiving scrambling to restore its system applications after the health care products distributor suffered its second cybersecurity incident in eight weeks — and from the same bad actor.

The situation may best be explained with a timeline:

On Oct. 15, Henry Schein disclosed that it had to take certain systems offline, including its eCommerce platform — after discovering a cyber breach on Oct. 14 that may have exposed customer and personal information such as bank account numbers, credit card numbers and other sensitive data to third parties.

About two weeks later, ransomware group BlackCat — also known as AlphV and Noberus — claimed responsibility for the attack, saying that it had encrypted files on the company’s systems and stolen 35 terabytes worth of sensitive data that it would publicly release on a daily basis and that the breach had already cost Henry Schein $150 million in lost revenue at that time.

On Nov. 2, BlackCat said that negotiations with Henry Schein had stalled, and in response, it decided to re-encrypt those files just as the distributor had nearly completed restoring its systems.

In the company’s 2023 third quarter earnings call on Nov. 13, CEO and Chairman Stanley Bergman said the company expected to reactivate its eCommerce platform within the week.

On Nov. 22, the company issued an update saying that certain applications, including its eCommerce platform, were unavailable after another cyber incident from the same threat actor and that Henry Schein continues to take orders using alternate means and continues to ship to its customers. A day later, the company updated that it was leveraging the prior work it did to restore its systems from the first breach, and that the company believed the disruption to its eCommerce platform and other applications would be “short-term.”

The company provided additional updates on Nov. 26 and 27, with the latter noting that it had restored its eCommerce platform in the U.S., while Canada and Europe are expected to follow shortly.

Cybersecurity media outlet SecurityWeek reported that, as of midday Nov. 27, Henry Schein was no longer listed on BlackCat’s dedicated website that enables customers and victims to check if their data was stolen in a hack. SecurityWeek notes this may indicate that negotiations have resumed and that a ransom has been paid.

Henry Schein’s initial cyberbreach came about two weeks after Ace Hardware disclosed its (unrelated) cyberattack, which also forced system suspension and disrupted online orders. In September, MRO supplies distributors Shively Bros also disclosed a February data breach.

Related Posts

Share this article

About the Author
Recommended Reading
Leave a Reply

Leave a Comment

Sign Up for the MDM Update Newsletter

The MDM update newsletter is your best source for news and trends in the wholesale distribution industry.

Get the MDM Update Newsletter

Wholesale distribution news and trends delivered right to your inbox.

Sign-up for our free newsletter and get:

  • Up-to-date news in a quick-to-read format
  • Free access to webcasts, podcasts and live events
  • Exclusive whitepapers, research and reports
  • And more!


articles left

Want more Premium content from MDM?

Subscribe today and get:

  • New issues twice each month
  • Unlimited access to mdm.com, including 10+ years of archived data
  • Current trends analysis, market data and economic updates
  • Discounts on select store products and events

Subscribe to continue reading

MDM Premium Subscribers get:

  • Unlimited access to MDM.com
  • 1 year digital subscription, with new issues twice a month
  • Trends analysis, market data and quarterly economic updates
  • Deals on select store products and events



You have one free article remaining

Subscribe to MDM Premium to get unlimited access. Your subscription includes:

  • Two new issues a month
  • Access to 10+ years of archived data on mdm.com
  • Quarterly economic updates, trends analysis and market data
  • Store and event discounts

To continue reading, you must be an MDM Premium subscriber.

Join other distribution executives who use MDM Premium to optimize their business. Our insights and analysis help you enter the right new markets, turbocharge your sales and marketing efforts, identify business partners that help you scale, and stay ahead of your competitors.

Register for full access

By providing your email, you agree to receive announcements from us and our partners for our newsletter, events, surveys, and partner resources per MDM Terms & Conditions. You can withdraw consent at any time.

Learn More about Custom Reports

Request a Market Prospector Demo

  • This field is for validation purposes and should be left unchanged.