BlackCat or ALPHV, the group that claimed to be behind the breach of Suffolk County’s computer systems, has taken responsibility for a ransomware attack that has impaired Henry Schein’s website for more than three weeks, experts said.
BlackCat posted late last month that it had breached the medical and dental supplier’s system and would publish the firm’s data on Nov. 3, according to Ido Cohen, founder and CEO of DarkFeed, which tracks ransomware intrusions. No data was released and the original post was removed, which suggests Henry Schein might be negotiating with BlackCat, Cohen said in an email.
Messages from BlackCat were posted on the dark web, a private part of the internet that can attract criminal activity, experts said.
Henry Schein spokeswoman Ann Marie Gothard didn’t directly respond to questions from Newsday. The company previously said it notified law enforcement and is relying on cybersecurity and forensic IT experts.
On Oct. 14, Henry Schein, the largest publicly traded company on Long Island, determined a “cybersecurity incident” had impacted a portion of its manufacturing and distribution businesses, but not the practice management software used by clients, the firm said in a news release.
The Melville-based company’s website was down days after the attack and hadn’t returned to normal as of Wednesday afternoon. A bright blue notice instructed clients to order products by contacting their representative or “telesales” phone numbers.
“Oftentimes when you’re hacked, your systems are whacked,” Steve Morgan, founder of Cybersecurity Ventures, a Northport-based cybersecurity market researcher and publisher, said in an email. “The longer systems are down, the more damage has been caused. This much time passing indicates the seriousness of the intrusion and theft.”
BlackCat generally gains access to computer systems through messages, emails or texts that phish users, according to Michael Nizich, director of the Entrepreneurship and Technology Innovation Center at the New York Institute of Technology.
Once in, the group can exploit loopholes to access other parts of the system. For instance, in Suffolk County, the group appears to have initially gained access to the county clerk’s office and eventually moved to the sheriff’s department, he said.
BlackCat typically takes data — in Henry Schein’s case, trade publications said it was payroll and investor information — and encrypts the original data, Nizich said. For a price, the group offers to restore the targeted organization’s access to the data, he said. Still, even if a deal is struck, businesses may not be confident that BlackCat won’t release, sell or otherwise exploit the data it collected in the future, he said.
Henry Schein will “discuss the impact of the business disruption and associated costs of recovery” from the cybersecurity attack during a Nov. 13 earnings call, according to a news release. Data breaches cost organizations an average of $4.45 million, according to a 2023 report from IBM that studied more than 550 groups impacted by data breaches. It took firms an average of 73 days to contain breaches, the report said.