Monday, October 30, 2023

Update on Henry Schein Data Breach


For those of you not in the dental field, Henry Schein, Inc is the largest dental supply company in the world.  They have multiple divisions that provide supplies, support, and equipment to the medical, veterinary, and dental industries.  They not only sell supplies, but manufacture some as well.  The company is a huge presence in the dental industry and has branches all across the US and the world.

A couple of weeks ago (Saturday October 14th to be precise), the IT team at Henry Schein noticed someting usual in their digital systems dealing with manufacturing and distribution.  Detecting these anomalies, the systems were shut down and taken offline.  Since that time, the company has been at work trying to rectify the situation, understand what happened, and get everything back up and running.  As you can well imagine, something like this has been incredibly disruptive to the company.  

In addition to selling physical goods and repair services, Henry Schein also has many electronic goods and services that they provide to clients.  Schein owns and operates the largest dental practice management software system on the planet, having purchased the company called Dentrix in the early 2000s.  Since that time they have also purchased several other PMS companies.  In addition to the software companies, Schein also offers many "add-on" pieces such as credit card billing, insurance claims submission, and patient communication platforms that interface with the PMS side.  Basically their are massive numbers of dental offices that depend on Henry Schein in myriad ways to keep them up and running as well as providing them means of billing.  So, not only do practices depend on Henry Schein for their supplies they also depend on them to keep their cash flows steady.

For those doctors who are reading this in hope of finding out more about those business services your office may be dependent on, let me tell you that according to the company "Henry Schein has determined that the practice management software used by its clients has not been disrupted."

Schein is working relentlessly to get things fixed and back to working order as soon as humanly possible. 

I also want to state that I have been at many Schein sponsored technology summits over the years.  These are events the company sponsors where we meet with them, learn about new things they are implementing, and offer suggestions on product enhancements or new products.

In the not too distant past Schein spent about a 1/2 day of one of these summits to showcase their focus on digital security.  They brought in some of their digital security experts who walked us through the different ways they protected their data as well as providing the work history and qualifications of these experts.  I was impressed.  The team was loaded with folks who had incredibly amazing schooling and work histories.  Many had worked with 3 letter government agencies.  I came out of that meeting with a high regard for Schein's focus on security.  I remember thinking that even though NO system is 100% "hack-proof", I felt that Schein was doing about as much as possible to lock things down on their end.

I mention that here because I'm sure that there are customers reading this and I want to make sure those affected understand that Schein is doing everything they can to fix this.  I also want to emphasize how important maintaining security is.  Schein is a huge company with a name and a bank account that most likely was very interesting to the criminals involved.  They would be an understandable target.  While a small dental office would not be a target as lucrative as Schein, it's a target nonetheless.  Make sure you do all you can to prevent cyber related incidents.

The other point I want to emphasize is that I feel Henry Schein has been *very* transparent throughout this incident.  It seems that the *normal* protocol for companies hit with a cybersecurity incident is to delay and diffuse until the storm from the media has passed.  While that is probably good for the company's PR side, it is not good from the side of those users affected or potentially affected by having the data at risk.  Around April-May of 2022 the ADA was hit with a breach and it was almost impossible to get information from them regarding the incident.

I have been impressed with the transparency Schein has shown throughout this incident.

As I write this, the main Schein site for ordering is *still* offline with a popup window that offers suggestions on how to still order until they have things back together.  The team at Dental Products Report has an article that discusses the current situation as well as an update on things to this point.  You can read that article here.  


No comments:

Post a Comment