Dear USET/USET SPF Family,
USET is committed to providing pertinent information to USET member Tribal Nations for safe and efficient operations. The purpose of this alert is to update you on the national data breach impacting a vendor that is utilized by many Tribal Nations.
USET previously notified you about Henry Schein, the producers of the Dentrix Dental Management system and supplier for medical equipment and supplies, that is used at several Tribal health centers, was subject to a cyber-attack on October 14, 2023. During that attack, hackers were able to steal over 35 TB (Terabytes) of company information and place ransomware software on the company’s files, including Henry Schein’s payroll data and shareholder information.
On November 8th, 2023, Anthony Harris, Division of Information Security (DIS) ISSO Indian Health Service emailed a statement that states the incident was investigated by the IHS CSIRT and as of now they did not find any connections between Henry Schein and the IHS network, meaning that IHS feels that it is unlikely that the ransomware reached any Tribal Nations. The email also states that “so far, no customer information has been breached.”
Definitions:
CSIRT: Cybersecurity Incident Response Team. CSIRT responds to all computer security incidents within IHS. When a suspicious event or incident is reported to the CSIRT, the team classifies the occurrence as an incident or event, investigates incidents, and notifies the Health and Human Services (HHS) Computer Security Incident Response Center of their findings.
Lan-to-Lan: The physical computer network connection between the IHS and a Tribal Nation.
|