A cabinet of medical supplies
Image: Ibrahim Boran via Unsplash

Healthcare manufacturer Henry Schein expects platform restored this week after cyberattack

One of the largest distributors of healthcare products in the U.S. has restored some of its systems this week after more than a month of disruptions related to multiple cyberattacks.

Henry Schein, which reported more than $12.5 billion in sales last year and has more than a million customers worldwide, said on Monday it has restored its ecommerce platform in the U.S. and expects its ecommerce platforms in Canada and Europe to come back online shortly. The message came weeks after it initially released a statement saying parts of its manufacturing and distribution businesses experienced a cybersecurity incident.

The company did not say if it was ransomware, but explained that it took systems offline in an effort to “contain the incident” — disrupting significant parts of their business operations. Since that notice on October 15, the company has dealt with a cascading series of problems.

By November 2, the AlphV/Black Cat ransomware gang said it was behind the attack, claiming to have stolen 35 TB of data.

Databreaches.net and Cybernews reported earlier this month that negotiations between the company and the hacking group had stalled, and AlphV decided to re-encrypt the company’s systems again, causing a range of new issues for Henry Schein.

On November 22, the company published a new statement confirming that several of its applications, including its ecommerce platform, are unavailable. They were still able to take orders and ship products through alternate means.

“The Company is in the process of securely restoring these applications. Henry Schein has identified the cause of the occurrence,” they company said. “The threat actor from the previously disclosed cyber incident has claimed responsibility.”

One day later the company confirmed that the disruption would be “short term” and that they are in the process of restoring the ecommerce platform and other systems.

By Sunday, the company said systems would be back to normal at some point this week.

In several letters to customers throughout November, the company said it is working with law enforcement to resolve the incident but warned people that data was stolen including ​​personal information, bank account numbers, credit card numbers and more.

Several researchers have noted that Henry Schein is no longer on AlphV’s leak site.

Steve Hahn, executive vice president at cybersecurity firm BullWall, said data from his company shows that 86% of companies hit by ransomware will be attacked again within the next year.

“Why? Once the threat actor has gained access and maintained persistence they spin up virtual machines, user accounts, embed malicious macros in internal documents, white list applications and hide hundreds of other second stage attacks throughout the environment,” he said.

“We see this exact scenario play out hundreds of times per year on some of the most advanced companies on earth.”

AlphV/Black Cat continues to be one of the most prolific ransomware gangs currently operating, with more than 500 attacks attributed to the group in recent years.

Since being involved in the attack on MGM Resorts, the gang has taken credit for incidents involving Japan Aviation Electronics, financial software company MeridianLink, a multibillion-dollar player in the real estate industry and a European hotel chain.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.