The healthcare specialist firm Henry Schein has been hit by a second cyberattack by the BlackCat ransomware group. Henry Schein, Inc. is a U.S.-based distributor of healthcare products and services with a presence in 32 countries.

Considering the impact of this latest cybersecurity incident or Digital Journal is Kevin Kirkwood, Deputy CISO at LogRhythm.

Kirkwood looks at this latest incident in context, finding: “Henry Schein is facing its second cyberattack by the BlackCat / ALPHV ransomware gang since October. Following the attack, announced by the company on November 22, the e-commerce platform was taken offline.”

BlackCat is a ransomware family written in Rust, that made its first appearance in November 2021. This is also the name of the threat actor that exploits it.

In terms of the details that have emerged, Kirkwood states: “BlackCat claimed to have stolen 35 terabytes of sensitive data and is threatening to release new data daily. Henry Schein is a Fortune 500 healthcare solutions provider with global customers and operations. BlackCat also claimed responsibility for a cyberattack on the company in mid-October after breaching its manufacturing and distribution systems.”

The hackers use Emotet botnet malware as an entry point.

In terms of wider lessons for industry, Kirkwood puts forward: “Organizations in the healthcare industry continue to be a top target for cyberattacks. Considering Henry Schein’s wide customer reach, it is even more important for the company to take the right steps in safeguarding sensitive data.”

A further recommendation is: “To protect against ransomware threats, a strong cybersecurity posture must be implemented and should include automated incident and response plans to efficiently identify cyber threats and provide a comprehensive view of the IT infrastructure.”

In terms of the advantages, Kirkwood indicates: “This preventative approach will not only allow organizations to continually monitor threats but facilitate the proper countermeasures.”

There are other measures to take as well, which Kirkwood pinpoints as: “In addition, organizations should prioritize regular backups, end user training and password hygiene. It’s crucial to recognize that paying a ransom in the event of a cyberattack confirms to outsiders that their company is a target. By bolstering their cybersecurity measures and adhering to best practices, companies like Henry Schein can avoid the need to make such concessions and proactively protect their valuable data and reputation.”