BlackCat strikes again - and this time it’s breached a healthcare giant

Henry Schein is the latest victim of a ransomware attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The notorious BlackCatransomwareactor appears to have claimed another high-profile victim after Fortune 500 healthcare organization Henry Schein was hit.

As reported byBleepingComputer, the ransomware gang, also known as ALPHV, added Henry Schein to its data leak site, claiming it took some 35TB of data during the attack.

It also seems as if, after a bit of back-and-forth, the healthcare firm came to an agreement with the criminals. At first, the company was given the decryption key and started restoring its systems, but before the restoration was completed, BlackCat re-encrypted everything as negotiations broke down.

Containing the incident

“Despite ongoing discussions with Henry’s team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network,” the gang was quoted as saying.

“As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily.”

Soon after, BlackCat deleted all of the Henry Schein data from its website, suggesting that the two may have finally agreed. There is no word from the company on this news just yet.

The attack took place roughly two weeks before BlackCat started posting the data online. Back then, Henry Schein reported suffering a cyberattack that affected its manufacturing and distribution businesses, and that it was forced to take some of it systems offline to mitigate the damages.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations. The Company is working to resolve the situation as soon as possible,” it said.

As usual, the company notified the police and brought in forensic experts to help with the investigation. It also urged the customers at the time to place orders either through a Henry Schein representative or via phone.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time