Henry Schein, a global leader in healthcare technology and product distribution, is still struggling to restore business operations since it announced the ransomware attack on its company website on October 15th.
Negotiations have not ended the cyber-attacks, with the Russian-linked ransomware operators calling out the healthcare solutions giant – once again – for a lack of “professionalism.”
The three-month-long cat and mouse game has played out like a ransomware soap opera, with Henry Schein clearly on the losing end of the game.
APLHV/BlackCat posted a lengthy message on its dark leak site Tuesday – the third of its kind since the initial attack – titled, “Henry’s ” LOST SHINE.”
The 534-word post slammed the company for “detrimental strategy.. management issues… lack of communication… and questionable decision making,” amongst other issues.
APLHV/BlackCat even provided a ‘lessons learned’ for Schein and its team of cybersecurity experts and negotiators.
“Coveware, Stroz Friedberg, AVASEK, Proskauer, Clearly and other folks have realized that they should not be overconfident when dealing with Alpha. Their strategies have proven to be detrimental, causing a reputable company to incur 2 months of operational losses totaling over 500 million USD,” the cybercriminals said.
During the third round of damage, the cybercriminals posted a 14-piece sample of the alleged 35TB of sensitive information they claim to have exfiltrated from Henry Schein servers, including confidential emails, snippets of database files containing customer information, as well as folders containing supplier’s bank account details.
The cybercriminals also posted a copy of a Stoltz Friedberg (digital forensics expert hired by Henry Schein) Interim cybersecurity report detailing the events from the October ransomware attack, dated November 17th, 2023.
The report, produced well after the first cyber-attack took place, confirms that the cybercriminals still have a persistent foothold in Henry Schein’s network.
This true-life story of a cyber-attack provides business leaders with several important lessons. Let’s discuss a few of these.
- Lesson # 1 Cybercriminals have become more brazen and sophisticated – In this case, the cybercriminals maintain a persistent foothold that Henry Schein’s Cybersecurity team cannot stop. In addition, the cybercriminals have used multiple methods of extortion in order to get their ransom paid.
- Lesson # 2 Financial Impacts for Cyber-Attacks are increasing – For Henry Schein, MGM, Caesars and others, the costs for a cyber-attack have easily gotten into the hundreds of millions of dollars.
- Lesson #3 Multiple Extortion is here to stay – Cybercriminals are no longer satisfied with just encrypting your data and requesting a ransom. They are now being more patient, establishing a quiet, persistent foothold and then exfiltrating your data, threating to public your data, and even using other methods of extortion such as Distributed Denial of Service attacks or reporting you to the authorities for not reporting your own cyber-attack.
If you want to learn more about understanding cyber risk and developing a cybersecurity plan to protect your organization, reach out for a complimentary Cybersecurity Discovery Call.