Henry Schein Hit By BlackCat Ransomware Gang

November 09, 2023 - Henry Schein, a major distributor of healthcare products across 32 countries, suffered a cyberattack in mid-October that disrupted some of its manufacturing and distribution operations.

A few weeks after the attack, the BlackCat/ALPHV ransomware group claimed responsibility for the attack, BleepingComputer reported. BlackCat claimed to have stolen 35 terabytes of sensitive data following failed negotiations with the company.

As previously reported, BlackCat is a sophisticated ransomware variant known to target healthcare organizations.

Henry Schein’s initial notification informed customers that it experienced a cybersecurity incident on October 14 and promptly took certain systems offline to contain the incident. As a result, some of the company’s operations were disrupted.

On October 24, the company provided an update via a Securities and Exchange Commission (SEC) filing stating that all customer orders were once again being taken and fulfilled.

On its leak site, BlackCat claimed that it would publish portions of the company’s internal data on a daily basis. Later, the entry on BlackCat’s leak site was deleted, implying that the company had entered into negotiations with the group again.

Western Washington Medical Group Suffers Breach

Western Washington Medical Group (WWMG) notified 350,863 individuals of a data breach that occurred in August 2023.

After detecting an unauthorized party on its network, WWMG shut off all network access and engaged a third-party forensic incident response firm to secure the environment. Although it has no evidence that patient information has been misused, WWMG said that names, addresses, health insurance policy numbers, dates of birth, medical record numbers, Social Security numbers, and medical information were potentially exposed.

“Data security is one of our highest priorities,” the notice continued. “Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We have also reviewed and enhanced our technical safeguards to prevent a similar incident.”

279K Impacted by Greater Rochester Independent Practice Association MOVEit Breach

Greater Rochester Independent Practice Association (GRIPA) in New York notified 279,156 individuals of a May 2023 security incident stemming from the MOVEit hack. Progress Software, which operates the MOVEit file transfer software, disclosed the hack on May 31 and issued a patch on the same day.

GRIPA learned of the exploit and immediately ceased access to MOVEit and launched a forensic investigation, its breach notice stated.

“We stopped access to the MOVEit service, securely restored our servers from backups, and applied the patches provided by the MOVEit software provider, Progress,” GRIPA added.

GRIPA encouraged impacted individuals to remain vigilant for incidents of fraud and identity theft.

Dakota Eye Institute Breach Impacts 107K

Bismarck, North Dakota-based Dakota Eye Institute (DEI) suffered a cybersecurity incident that impacted its IT systems. More than 107,000 individuals were impacted by the breach, according to an entry in OCR’s data breach portal.

However, the breach notice on DEI’s website did not specify when the breach was first discovered, or what information was breached.

DEI noted that it engaged law enforcement and a third-party cybersecurity firm immediately upon discovering the breach, and did not find any instances of fraud or identity theft.

“DEI takes its responsibility to safeguard personal information seriously and regrets any concern this incident may have caused,” the notice continued. “As part of DEI’s ongoing commitment to the security of information, the organization has reviewed and enhanced its data security policies and procedures in order to help reduce the likelihood of a similar event in the future.”