Cyber Pirouette: How Henry Schein Turned a Cyberattack into a Crisis Management Masterclass

In a cyber crisis akin to a digital ballet, Henry Schein masterfully navigates new SEC regulations. Their cybersecurity disclosure is the first since these regulations kicked in. Despite the drama, they’ve kept stakeholders updated, proving that dealing with cyberattacks requires not just code-cracking, but a dash of comedic grace too. Bravo, Henry Schein!

Hot Take:

Henry Schein’s been hit with a cyberattack and they’re handling it like a pro. They’ve got the finesse of a ballerina navigating a minefield, tiptoeing around SEC regulations and keeping investors and customers updated without causing mass hysteria. While they haven’t spelled out the exact impact of the cyber incident yet, their approach is a masterclass on how to deal with a cyber crisis. Bravo, Henry, bravo!

Key Points:

  • Henry Schein, a company on the Medtech Big 100, is the first to disclose a cybersecurity incident since the new Securities and Exchange Commission regulations kicked in.
  • Under these new rules, all publicly traded companies registered with the SEC have to release details of a cyberattack within four days of determining it has a material impact.
  • Henry Schein hasn’t specified whether the incident has a material impact yet and hasn’t filed a disclosure under the new Form 8-K Item 1.05 for material cybersecurity incidents.
  • Despite this, the company announced the incident in a news release and filed it with the SEC on a Sunday, showing the urgency of the matter.
  • Henry Schein’s initial disclosure was brief and not overly specific, but they followed up with more information for customers and investors 9 days after the initial disclosure.

Need to know more?

Updates after the Initial Cybersecurity Disclosure

After the initial 'we've been hit' announcement, Henry Schein didn't leave its stakeholders hanging. Nine days post-disclosure, they sent out a letter to customers with updates on the situation, contact info for placing orders, and even slipped in an apology. Investors weren't left in the cold either, they received an 8-K filing with an update on operations.

Keeping the Business Machine Running

Despite the cyberattack, Henry Schein's business operations seem to be chugging along. Customers in the US and Canada can still place orders, and their European, Australian, New Zealand, Asian, and Brazilian distribution businesses are generally operational. Even their practice management technology business, Henry Schein One, remains unscathed.

Stay Tuned for Q3 Earnings Call

The company's third-quarter conference call is scheduled for Nov. 13. We're all ears to see if and how top executives address the cybersecurity incident. They've also hinted at needing more time to submit their 10-Q quarterly report due to "information access limitations" from the cyber incident. But don't worry, they've assured that the report would be in by the end of November.

In a world where cyberattacks are becoming the norm, it's refreshing to see a company like Henry Schein handle it with grace and transparency. They've set the bar high for how to handle a cybersecurity crisis. Let's see who else can dance this ballet.

Tags: cyberattack, Cybersecurity Disclosure, Henry Schein, Medical Device Manufacturers, Medtech Big 100, Q3 Earnings Call, SEC regulations