Cybersecurity incident prompts Henry Schein to take systems offline, disrupting operations | MedTech Dive
By: Nick Paul Taylor (MedTech Dive)
S E E D E D C O N T E N T
Dive Brief:
- Henry Schein has taken "certain systems offline" after a cybersecurity incident at "a portion of its manufacturing and distribution businesses."
- The company, which reported sales of $12.6 billion last year, took systems offline and made other changes to contain the incident, causing "temporary disruption" to some operations.
- Henry Schein, a distributor of medical and dental supplies, said practice management software used by its clients is unaffected by the actions, but its website remained offline early on Oct. 18.
Dive Insight:
Henry Schein determined that a cybersecurity incident had taken place on Oct. 14 and put out a press release about the attack the next day. The statement revealed that Henry Schein had "promptly" taken "precautionary action" after learning of the cybersecurity incident, without explaining the nature of the attack or giving a detailed picture of the businesses affected and the disruption caused.
The company was still working to resolve the situation and investigating "any data impact" when it put out the statement. Outside cybersecurity and forensic information technology experts were supporting the work. Henry Schein's website was offline early on Wednesday morning.
In an email, Henry Schein spokesperson Ann Marie Gothard said the company had nothing to add beyond its Oct. 15 statement.
Amid the ongoing disruption, Henry Schein is continuing to get work done. The company confirmed the completion of its previously disclosed takeover of Shield Healthcare on Tuesday. Shield generated sales of $180 million last year by supplying medical products to patients at home.
News of the cybersecurity incident at Henry Schein comes shortly after 23andMe issued a notice about data concerns at its operation. The consumer genetic testing company contacted customers after some user information was put up for sale online.
Trolling, taunting, spamming, and off topic comments may be removed at the discretion of group mods. NT members that vote up their own comments, repeat comments, or continue to disrupt the conversation risk having all of their comments deleted. Please remember to quote the person(s) to whom you are replying to preserve continuity of this seed. Any use of the phrase "Trump Derangement Syndrome" or the TDS acronym in a comment will be deleted.
Tags
Who is online
69 visitors
This is the behind-the-scenes stuff you don't hear about much in healthcare. One of the largest suppliers of US hospitals, urgent care centers, and physician and dental offices is not able to operate right now due to a cyberattack. This article says the website was still down on October 18th; well, it was still down on October 24th, too. Their ordering system is down, so we can't order supplies. Their billing system is down, so they can't send out bills, and we can't access our accounts to pay those bills. They don't know when the situation will be resolved, so neither do healthcare providers.
This is a minor inconvenience to me, but could become a major problem for hospitals as they pivot to other suppliers, who could easily become overwhelmed.
Randsomware is now part of doing business for healthcare providers. It's been ramping up for the last 4 years.
I've been paying for it for several years now. We don't store credit card numbers, but some insurance companies still use social security numbers as ID numbers.
The system has been down for 10 days, that is a real problem.
Selling personal information on line. Oh, just great.
That was 23andme. But Schein has access to hospital banking information, and it might be possible to access patient information via their cloud-based practice management software.
User data is a huge business for sales and marketing. It's something groups have been lobbying Congress to monitor and block, but nothing really gets done. There are some opt-outs, but most of the time its part of the Terms of Use Agreement.