BlackCat strikes again - and this time it's breached a healthcare giant

(Image credit: Shutterstock / binarydesign)

The notorious BlackCat ransomware actor appears to have claimed another high-profile victim after Fortune 500 healthcare organization Henry Schein was hit. 

As reported by BleepingComputer, the ransomware gang, also known as ALPHV, added Henry Schein to its data leak site, claiming it took some 35TB of data during the attack.

It also seems as if, after a bit of back-and-forth, the healthcare firm came to an agreement with the criminals. At first, the company was given the decryption key and started restoring its systems, but before the restoration was completed, BlackCat re-encrypted everything as negotiations broke down.

Containing the incident

"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," the gang was quoted as saying.

"As of midnight today, a portion of their internal payroll data and shareholder folders will be published on our collections blog. We will continue to release more data daily."

Soon after, BlackCat deleted all of the Henry Schein data from its website, suggesting that the two may have finally agreed. There is no word from the company on this news just yet.

The attack took place roughly two weeks before BlackCat started posting the data online. Back then, Henry Schein reported suffering a cyberattack that affected its manufacturing and distribution businesses, and that it was forced to take some of it systems offline to mitigate the damages.

"Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein's business operations. The Company is working to resolve the situation as soon as possible," it said.

As usual, the company notified the police and brought in forensic experts to help with the investigation. It also urged the customers at the time to place orders either through a Henry Schein representative or via phone.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.