ALPHV/Blackcat group has announced its plans to encrypt Henry Schein systems for the third time. The group’s actions are part of their efforts to pressure the company to terminate negotiations after a large-scale cyber attack in October. The ongoing negotiations with the hackers are deteriorating, and the group is accusing the company of not displaying professionalism.
Henry Schein, a global leader in healthcare products and services distribution, has been facing challenges in restoring its business operations after the attack. On October 15, the company announced that it had to disable some systems to contain the cyber attack. The system shutdowns resulted in disruptions in the company’s production and distribution departments.
The unfolding story resembles a saga, in which Henry Schein appears to be at a disadvantage. Alphv/Blackcat published a lengthy message on their website, criticizing Henry Schein for various issues, including strategic errors, inadequate communication, and questionable decision-making.
In their message, the group threatened a “next level of attack” and detailed three aspects: a description of what happened, highlighting Henry Schein’s security issues, and outlining their plans for the future. The group also provided “lessons” extracted from these events for the company’s cybersecurity team and negotiators.
“Coveware, Stroz Friedberg, Avasek, Proskauer, Clearly, and others realized that they should not show excessive self-confidence when dealing with Alphv. Their strategies were detrimental, resulting in the respected company suffering operating losses of over $500 million for two months,” stated the extortionists.
The message is accompanied by a 35 TB file of confidential information, which BlackCat claims to have removed from Henry Schein’s servers. The data includes employees’ confidential letters, passport information, customer personal data, and supplier bank account details.
Additionally, the group has published a copy of the Stroz Friedberg report, indicating the extent of BlackCat’s potential access to the company’s systems.
The initial attack was disclosed on October 15, when Henry Schein had to disable certain systems to prevent further spread of malicious software. On November 13, the company confirmed that the attackers had accessed confidential information, such as bank account and credit card details. It is likely that other valuable information was also compromised. On November 22, the company reported that some applications and the electronic commerce platform had to be disconnected again due to a new attack, for which the BlackCat group is also held responsible.