The BlackCat (ALPHV) ransomware group has claimed responsibility for an attack on Henry Schein, a Fortune 500 distributor of dental and medical supplies and provider of practice management software and solutions for healthcare providers.

Henry Schein confirmed on October 15, 2023, that it had experienced a cybersecurity incident, which was detected on October 14, 2023. The incident affected a portion of its manufacturing and distribution business, which caused temporary disruption to its business operations.  More than three weeks on and the company is still experiencing technical difficulties with its website and webshop.  Third-party cybersecurity consultants have been engaged to investigate the breach and the data impact, and law enforcement has been notified. The incident is still being investigated; however, it has been determined that users of its client management software were unaffected.

According to the BlackCat group’s dark web data leak site, 35 terabytes of data were stolen in the attack, including payroll and shareholder data. The group claimed to have encrypted files and was negotiating with the company, and just when the company had almost completed restoring its systems, they were encrypted again as negotiations failed. BlackCat also threatened to publish some of the company’s payroll and shareholder data. The listing has since been removed, indicating negotiations have resumed.

Ventura Orthopedics Notifies Patients About 2020 Ransomware Attack

Ventura Orthopedics in California has recently started notifying patients that some of their protected health information was compromised in a July 20, 2020, ransomware attack. According to the company’s substitute breach notice, the security breach was discovered in September 2020 when files on its network were encrypted. A ransom demand was received, but Ventura Orthopedics was able to recover the encrypted files from data backups so the ransom was not paid. At the time, the investigation indicated the attackers gained access to the information of a single patient, who was notified at the time.

Further investigation into the incident has revealed additional patients were also affected. The hackers gained access to the files of a single physician and his physician assistant. Those files included names, dates of birth, and drug and laboratory testing results from 2016, 2017, and 2018. Notification letters are now being sent to those individuals.

According to DataBreaches, the Maze ransomware group added the company to its leak site and the Conti group later leaked the data of 1,850 individuals on its data leak site. The site tried to make contact with Ventura on several occasions and also filed a complaint with OCR about the incident, which OCR investigated. On September 13, 2023, the company said it had discovered additional data was involved, following a conference call with the site’s operator.

At present, the incident is not yet showing on the HHS’ Office for Civil Rights breach portal, and Ventura Orthopedics has not yet publicly disclosed how many individuals were affected.

PHI Exposed in Cyberattack on Edward C. Taylor, PhD

Edward C. Taylor, Ph.D., a provider of counseling and psychoeducational assessment services in Jacksonville, FL, has recently completed an investigation of a cyberattack. A security breach was detected on August 19, 2023, and third-party digital forensics specialists were engaged to investigate and determine the nature and scope of the incident. On or around October 5, 2023, it was confirmed that an unauthorized individual had gained access to its network for one day and exfiltrated files containing company information.

It was not possible to determine whether the stolen files contained any patient information; however, files were present on the compromised part of the network that included the protected health information of 6,684 patients. The exposed information included names, contact information, dates of birth, insurance information, information relating to mental health including clinical information, and diagnoses. Internal settings and controls have been updated and passwords changed to prevent similar breaches in the future.

The post BlackCat Ransomware Group Claims Responsibility for Attack on Henry Schein appeared first on HIPAA Journal.