{"id":17996,"date":"2023-11-29T14:45:07","date_gmt":"2023-11-29T14:45:07","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=17996"},"modified":"2023-11-29T14:45:07","modified_gmt":"2023-11-29T14:45:07","slug":"henry-schein-blackcat-ransomware","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/henry-schein-blackcat-ransomware\/","title":{"rendered":"Henry Schein was hacked twice by BlackCat ransomware"},"content":{"rendered":"<p>Henry Schein Global, a healthcare solutions provider, <strong>faced a persistent cybersecurity nightmare<\/strong>. The BlackCat\/ALPHV ransomware gang is <strong>launching a second wave of attacks<\/strong>, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. This comes after the <strong>cybercrime group took credit for an initial breach<\/strong> on October 15 that disrupted manufacturing and distribution operations.<\/p>\n<h2>What is the BlackCat Ransomware Gang?<\/h2>\n<p><a href=\"https:\/\/gridinsoft.com\/blogs\/blackcat-ransomware-new-update\/\">The BlackCat ransomware gang<\/a>, emerging in November 2021, is believed to be a rebrand of the notorious DarkSide\/BlackMatter group. The gang gained global attention <a href=\"https:\/\/howtofix.guide\/the-ransomware-encrypted-the-servers-of-colonial-pipeline\/\" rel=\"noopener nofollow\" target=\"_blank\">after targeting Colonial Pipeline<\/a>, <strong>which led to fuel supply disruptions<\/strong> across the entire US East Coast. The FBI has linked them to over 60 breaches globally between November 2021 and March 2022, <strong>indicating a pattern of sophisticated cybercriminal activity<\/strong>.<\/p>\n<h2>Henry Schein Attacked by ALPHV, Again<\/h2>\n<p>On October 15, <strong>Henry Schein reported a cyberattack that impacted its manufacturing<\/strong> and distribution businesses, causing operational disruptions. 
Two weeks later, the <strong>BlackCat\/ALPHV ransomware group claimed responsibility<\/strong>, boasting about encrypting files and stealing a massive <a href=\"https:\/\/gridinsoft.com\/blogs\/personal-data-sensitive-data\/\">35 terabytes of sensitive data<\/a>, potentially including personal information, bank account details, and payment card numbers.<\/p>\n<figure id=\"attachment_18011\" aria-describedby=\"caption-attachment-18011\" style=\"width: 708px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/HENRYSnotice.webp\" alt=\"notification from Henry Schein\" width=\"708\" height=\"389\" class=\"size-full wp-image-18011\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/HENRYSnotice.webp 708w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/HENRYSnotice-300x165.webp 300w\" sizes=\"auto, (max-width: 708px) 100vw, 708px\" \/><figcaption id=\"caption-attachment-18011\" class=\"wp-caption-text\">The notification from Henry Schein about the ransomware attack.<\/figcaption><\/figure>\n<p>The situation escalated in early November when the cybercriminals declared that negotiations had stalled. <strong>In response, they threatened to re-encrypt files<\/strong>, a move confirmed by Henry Schein&#8217;s subsequent system restoration updates. 
The company informed customers on November 22 that its applications, including the e-commerce platform, were rendered unavailable due to actions by the threat actor.<\/p>\n<figure id=\"attachment_18013\" aria-describedby=\"caption-attachment-18013\" style=\"width: 605px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/ALHPVBlackCat.webp\" alt=\"BlackCat ransomware\" width=\"605\" height=\"514\" class=\"size-full wp-image-18013\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/ALHPVBlackCat.webp 605w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/ALHPVBlackCat-300x255.webp 300w\" sizes=\"auto, (max-width: 605px) 100vw, 605px\" \/><figcaption id=\"caption-attachment-18013\" class=\"wp-caption-text\">Statement<br \/>on the ALPHV\/BlackCat leak site.<\/figcaption><\/figure>\n<p>Despite anticipating short-term disruptions, the latest update on November 26 assured customers that <strong>systems would soon be fully restored<\/strong>. As of the latest information, Henry Schein is no longer <a href=\"https:\/\/gridinsoft.com\/blogs\/blackcat-gang-posts-the-leaks-in-surface-web\/\">listed on the BlackCat leak website<\/a>, hinting at a potential resumption of negotiations or even a ransom payment.<\/p>\n<h2>How to resist ransomware?<\/h2>\n<p>Organizations can enhance their resilience against extortionists through a multifaceted approach. First and foremost, robust cybersecurity measures are imperative. <strong>Regularly updating and patching systems<\/strong> can mitigate vulnerabilities, making it harder for extortionists to exploit weaknesses. <strong>Implementing strong access controls<\/strong> and regularly reviewing user privileges adds an extra layer of defense. 
<strong>Regular data backups are essential<\/strong> to ensure that organizations can quickly recover <a href=\"https:\/\/gridinsoft.com\/ransomware\">from ransomware attacks<\/a> without succumbing to extortion demands. A well-defined incident response plan, including communication protocols and coordination with law enforcement, prepares organizations to swiftly and effectively handle extortion attempts.<\/p>\n<p>Lastly, <strong>collaboration within the industry and sharing threat<\/strong> intelligence can strengthen collective defenses against evolving extortion tactics. By staying informed and implementing proactive measures, organizations can significantly reduce the likelihood of falling victim to extortionists.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Henry Schein Global, a healthcare solutions provider, faced a persistent cybersecurity nightmare. The BlackCat\/ALPHV ransomware gang is launching a second wave of attacks, claiming to have re-encrypted files after stalled negotiations. The company, headquartered in Melville, New York, is restoring systems. 
It happened after the cybercrime group took credit for an initial breach on October [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":18021,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[1125,60,697,55],"class_list":{"0":"post-17996","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-alphv-blackcat","9":"tag-cyberattack","10":"tag-data-breach","11":"tag-ransomware"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/11\/GS_Blog_banner_Henry-Schein-was-hacked-twice-by-BlackCat-ransomware_1280x674.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=17996"}],"version-history":[{"count":14,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17996\/revisions"}],"predecessor-version":[{"id":18028,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/17996\/revisions\/18028"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/18021"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=17996"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\
/categories?post=17996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/tags?post=17996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}