Major U.S. healthcare solutions provider Henry Schein was claimed to be compromised by the ALPHV/BlackCat ransomware operation in an attack last month, which resulted in the theft of 35 TB of files, BleepingComputer reports.
While nearly all Henry Schein systems disrupted by the attack have already been restored, ALPHV/BlackCat moved to re-encrypt all of the healthcare solutions provider's devices nearly two weeks after the attack was initially disclosed following failed negotiations.
"Despite ongoing discussions with Henry's team, we have not received any indication of their willingness to prioritize the security of their clients, partners, and employees, let alone protect their own network," said ALPHV/BlackCat, which threatened to leak some of the company's internal payroll data and shareholder folders, with further data to be exposed in the following days.
However, ALPHV/BlackCat has since removed Henry Schein from its leak site, suggesting a possible ransom payment or renegotiations between both parties.
Henry Schein attack claimed by ALPHV/BlackCat ransomware
Major U.S. healthcare solutions provider Henry Schein was claimed to be compromised by the ALPHV/BlackCat ransomware operation in an attack last month, which resulted in the theft of 35 TB of files, BleepingComputer reports.
Malicious QR code messages have also been increasingly leveraged to compromise the sector, with Office 365 used to send over 15,000 of such messages to education entities, a Microsoft Threat Intelligence report showed.
Misconfigured Magento or OpenCart instances may have been targeted to facilitate the deployment of Mongolian Skimmer, which uses various event-handling methods to ensure extensive compatibility while hiding malicious activity with heavy Unicode character utilization.