Following a data breach that dental supplier and health-care solutions provider Henry Schein first reported last month, this week the company warned customers and suppliers that sensitive information may have been exposed in the cyberattack and encouraged them to be on the lookout for suspicious activity.
According to a letter Schein sent to its customers this week, they “do not have all the details of what data may have been compromised” but “identifiable information customer bank accounts and credit card numbers may have been affected."
On October 14, the company discovered a cybersecurity incident that primarily affected its dental and medical distribution businesses. The breach was instigated by a cyberattack group called BlackCat, which, according to email communication from the security company VIPRE, claimed it encrypted Schein’s systems after failed negotiations with Coveware, which describes itself as “ransomware recovery first responders.” BlackCat said it stole 35 TB of “sensitive data,” including “internal payroll data and shareholder folders.”
Cyberattack "contained," Schein "making progress"
Following the attack, the company “promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations,” according to a Schein press release from October 15. More recent company communication indicates that “The company has contained the incident, restored most of the business-critical systems it proactively took offline in response to the situation, and is making significant progress toward resuming normal-course operations.”
The letter Schein sent to its customers earlier this week indicates that it “will provide, where applicable, complimentary credit monitoring and identify protection services for those who may have been affected by any data compromise.”
A letter sent to its suppliers on the same day indicates that “we are aware that the bank account information for a limited number of suppliers was misused, and we have already separately addressed those impacted.”