Digital security lock showing ransomware attack and data breach

Blood Donation Service Confirms July 2024 Ransomware Attack Resulted in Personal Data Breach

American blood donation service OneBlood has confirmed that the July 2024 ransomware attack resulted in personal data breach.

On July 29, 2024, OneBlood said it shut down some IT systems, reducing its capacity to collect, test, process, and distribute blood in Florida, Georgia, and the Carolinas after experiencing a cybersecurity incident.

The non-profit organization also implemented alternative processes to mitigate the impacts and launched an investigation to determine the full scope of the cyber attack.

It also issued an urgent plea for O-positive, O-negative, and Platelet donations to cope with urgent transfusion needs. It also advised partner hospitals to activate critical blood shortage protocols while it addressed the ransomware attack.

OneBlood confirms data breach from a ransomware attack

OneBlood said it concluded its investigation on December 12, 2024, and determined that the ransomware attack data breach occurred on July 14, 2024.

According to the company’s statement, the attacker maintained access for two weeks until July 29, 2024, and copied certain files containing personal information without authorization. OneBlood says it determined that the exfiltrated files contained the victims’ names and Social Security Numbers.

However, other sensitive personal information that OneBlood collects, such as emails, phone numbers, physical addresses, medical history, and demographic information, was not exposed in the July 2024 data breach.

While the exemption of this information spares the data breach victims from phishing attacks, cybercriminals can still use the leaked names and social security numbers for identity theft.

Subsequently, One Blood directed data breach victims to enroll in its one-year complimentary identity theft protection service to prevent cybercriminals from abusing their information.

Victims should also monitor their credit reports and place credit alerts to prevent online scammers from opening new credit lines using their leaked personal information.

“Ransomware attacks are pretty much synonymous with data breaches, and this was certainly no exception,” said Erich Kron, Security Awareness Advocate at KnowBe4. “Modern ransomware groups put a lot of effort towards stealing data because they know that it can often be used as leverage to force organizations to pay ransoms in exchange for not leaking the data, so when we hear about a ransomware attack taking down systems, we can safely assume most of the time that personal data was stolen as well.”

Meanwhile, OneBlood has yet to disclose the number of victims impacted by the ransomware attack data breach. However, it notified authorities in Maine, Vermont, and South Carolina. Although not required, the blood donation service also notified the U.S. Department of Health and Human Services of the data breach.

Nonetheless, OneBlood asserts that the ransomware attack was contained, and impacted individuals were notified.

In addition, the blood donation service said it had restored its operations by Aug. 8, 2024, by prioritizing a critical software system for managing blood donations, resulting in “normal output” for 250 hospitals that depend on its services.

While RansomHub had claimed responsibility for the ransomware attack, OneBlood has not officially attributed the group to the ransom attack.

Healthcare system suffered cybersecurity incidents

Meanwhile, the OneBlood ransomware attack was among numerous cyber incidents affecting the U.S. healthcare system, resulting in supply chain concerns.

In addition to OneBlood, Synnovis and Octapharma also suffered cybersecurity incidents that impacted patient care, resulting in a joint alert from the American Hospital Association and Health-ISA.

The alert advised healthcare organizations to apply “risk management assessment principles to their critical suppliers and partners.” It also urged healthcare organizations to identify multiple suppliers to create redundancies and eliminate single points of failure.

According to the HHS Office for Civil Rights, the United States experienced over 718 healthcare data breaches in 2024, affecting over 180 million individuals.