In October, Melville, New York-based Henry Schein responded to a cyberattack, which forced the healthcare product distributor and manufacturer to take certain systems offline, including its eCommerce platform, in a move that primarily disrupted its dental and medical businesses.
Henry Schein has since reported it has contained the cybersecurity incident, which was discovered on Oct. 14, and has restored most of the business-critical systems it “proactively took offline in response to the situation, and is making significant progress towards resuming normal-course operations.”
In the company’s financial results report published Nov. 13, Henry Schein’s CEO and Board Chairman Stanley Bergman said the distributor would initiate reactivation of its eCommerce platform within the week. As of Nov. 13 at 3:30 p.m. ET, its website instructs customers to place orders through a Henry Schein representative or via telesales instead of the website. Orders were still expected to ship within 24 hours of placement.
The disclosure of the breach comes two weeks after Ace Hardware disclosed its (unrelated) cyberattack, which also forced system suspension and disrupted online orders. In September, MRO supplies distributor Shively Bros also disclosed a February data breach.
Financial Impact of Cyberattack on Henry Schein
The cyberattack on Henry Schein is estimated to have caused a $0.55 to $0.75 per share business interruption impact.
On Nov. 13, Henry Schein updated its full-year 2023 guidance, in which it expects non-GAAP diluted EPS of $4.43 to $4.71, to reflect the cybersecurity incident and a softening of macroeconomic conditions. Full-year 2023 sales are now expected to be approximately 1% to 3% lower than full-year 2022 sales, which is an update from prior guidance of 1% to 3% sales growth. The company reported a third-quarter dip in profits to $137 million, compared to 3Q 2022 GAAP net income of $150 million.
Despite the cybersecurity incident, Bergman said in the earnings report that the company has “confidence in the stability of the dental and medical markets” and the company remains committed to its strategic priorities and long-term financial model.
Henry Schein reported that it expects to file an insurance claim in 2024 related to the incident.
“We expect the claim will be covered under its cyber insurance policy, although final resolution is subject to insurer approval,” officials said in the financial report release. “This policy has a $60 million after-tax claim limit after a $5 million retention, and any recovery from the claim will likely not be recognized until late 2024.”