Henry Schein says customer data breached in cyber incident

Dive Brief:

  • Henry Schein, a medical and dental supplies company, is still recovering from a cybersecurity incident last month that took some of its systems offline. 
  • In a letter to its customers, the company disclosed on Monday that a data breach occurred, but “we do not have all the details of what data may have been compromised.” Customer bank accounts and credit card numbers may have been affected. Henry Schein also issued a letter to its suppliers, writing that the company is “aware that the bank account information for a limited number of suppliers was misused.”
  • CEO Stanley Bergman told investors on a Monday earnings call that the company is working to bring its e-commerce platform back online this week, and that the incident primarily affected its dental and medical distribution operations in North America and Europe.

Dive Insight:

Henry Schein lowered its sales expectations for its 2023 fiscal year, attributing the change to the cybersecurity incident. It now expects a sales decrease of 1% to 3%, compared to its prior forecast for sales growth of 1% to 3%. 

William Blair analysts wrote this “implies about a $500 million headwind primarily from the cyberattack in 2023.” 

The company also expects a $0.55 to $0.75 hit to its earnings per share related to the cyber incident. 

CFO Ronald South told investors that the company cannot provide estimates for expenses directly associated with the incident. The company’s forecast does not include one-time costs “directly attributable to reactivating the systems,” which it will report in the fourth quarter, South said. 

The company also plans to file a claim under its cyber-insurance policy, which has a $60 million after-tax claim limit.

Bergman said the incident was discovered on Oct. 14, primarily affecting its distribution business. In response, the company took some of its systems offline to contain the incident. In the interim, field sales representatives took orders from customers while its e-commerce website was down. 

“Over the past weeks, we have worked to create a clean network in a controlled manner from the backup data,” Bergman said. “Our distribution businesses are now operational, and we are initiating our e-commerce platform early this week. We’re indeed hopeful that the website will come up tomorrow morning.”

As of last week, orders from the company’s distribution business were at 85% to 90% of pre-incident levels, he added. 

The ransomware group BlackCat has claimed responsibility, adding Henry Schein to its dark web leak site and claiming it stole 35 terabytes of data, according to Bleeping Computer. The listing has since been removed from the site. 

Henry Schein did not respond to questions from MedTech Dive about the incident.