October 24, 2024 at 05:44PM
Henry Schein disclosed a data breach after two cyberattacks by the BlackCat Ransomware gang in 2023, affecting over 166,000 individuals. The company took systems offline to mitigate the attacks. They are offering impacted users a free 24-month membership with Experian’s IdentityWorks for credit monitoring and fraud detection.
**Meeting Takeaways: Henry Schein Data Breach Overview**
1. **Incident Disclosure**: Henry Schein has confirmed a data breach affecting over 160,000 individuals, attributed to two cyberattacks in 2023 by the BlackCat Ransomware gang.
2. **Company Background**: Henry Schein is a healthcare solutions provider, operating in 32 countries with a revenue exceeding $12 billion in 2022.
3. **Cyberattack Details**:
– **First Attack (October 15, 2023)**: Systems were taken offline to manage a cyberattack impacting manufacturing and distribution. The BlackCat gang claimed to have stolen 35 TB of sensitive data.
– **Second Attack (November 22, 2023)**: A follow-up attack occurred, with the ransomware gang threatening further encryption if ransoms were not paid. Some stolen data was released on their data leak site.
4. **Data Breach Notification**: As of now, Henry Schein notified the Maine Attorney General that 166,432 individuals had their personal data stolen.
5. **Data Review and Investigation**: The company engaged an external expert to review affected files, a process that took considerable time and resources; it only progressed fully in the first half of 2024.
6. **Potentially Compromised Data**: The notification indicated that personal information, including unspecified sensitive data, may have been compromised, contingent on what the company previously held.
7. **Company Response**: Henry Schein has not commented on specific types of data stolen when approached by media.
8. **Support for Affected Individuals**: The company is offering impacted individuals a complimentary 24-month membership to Experian’s IdentityWorksSM for credit monitoring and fraud detection.
**Next Steps**:
– Follow up with Henry Schein for clarification on the types of data affected.
– Monitor the situation for further updates about the breach and impact on individuals.