American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October. Henry Schein is a Fortune 500 healthcare products and services provider with operations and affiliates in 32 countries and a revenue of over $12 billion reported in 2022. More than a month later, on November 22, the company said that some of its apps and the e-commerce platform were again taken down following another attack claimed by BlackCat ransomware. "Certain Henry Schein applications, including its ecommerce platform, are currently unavailable. The Company continues to take orders using alternate means and continues to ship to its customers," it said. "Henry Schein has identified the cause of the occurrence. The threat actor from the previously disclosed cyber incident has claimed responsibility." Today, the company revealed that it has now restored its U.S. e-commerce platform, and it's expecting that its platforms in Canada and Europe will also be back online shortly. Across impacted areas, the healthcare services provider is reportedly still receiving orders through alternative channels and shipping to customers. The BlackCat ransomware gang added Henry Schein to its dark web leak site, saying it breached the company's network and allegedly stole 35 terabytes of sensitive data. According to the cybercrime operation, they re-encrypted the company's devices after negotiations faltered towards the end of October while Henry Schein was on the verge of restoring its systems. This would make this month's incident the third time since October 15 that BlackCat encrypted Henry Schein's systems after breaching its network. "Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the threat actors said. "As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily." BlackCat emerged in November 2021 and is believed to be a rebrand of the infamous DarkSide/BlackMatter gang. The FBI connected the ransomware group to over 60 breaches affecting organizations globally between November 2021 and March 2022. A Henry Schein spokesperson has yet to respond to BleepingComputer's requests for comment regarding the cyberattacks disclosed this month. MGM casino's ESXi servers allegedly encrypted in ransomware attack. McLaren Health Care says data breach impacted 2.2 million people. Seiko says ransomware attack exposed sensitive customer data. BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks. ALPHV ransomware gang claims attack on Florida circuit court.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000