A ransomware attack on OneBlood disrupted blood and platelet distribution across 250 hospitals, forcing the blood center to ask affiliated health facilities to activate their critical blood shortage protocols. OneBlood also activated manual systems to collect, test, and distribute blood.
“On Monday, July 29th, OneBlood became the target of ransomware. The blood center quickly implemented manual processes so it could continue to collect, test, process and distribute blood to more than 250 hospitals throughout the southeastern United States,” stated OneBlood.
OneBlood said it responded by shutting down impacted information technology systems, resulting in the center operating at a significantly reduced capacity in Florida, Georgia, and the Carolinas.
The cyber incident mainly affected the blood labeling process, although OneBlood remained operational during the attack.
Blood center is investigating a ransomware attack
OneBlood has launched a probe to determine the scope of the ransomware attack. The blood center has also initiated efforts to restore impacted systems to attain full functionality.
“Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations. “Our comprehensive response efforts are ongoing, and we are working diligently to restore full functionality to our systems as expeditiously as possible.”
The Orlando, Florida-based non-profit is also investigating whether the ransomware attack compromised blood donors’ sensitive personal and medical information, such as medical history, blood type, and test results. The center said it would offer credit monitoring to impacted individuals.
Meanwhile, OneBlood has assured new blood donors that the attack would not impact their personal information should they participate in the ongoing blood drive. The blood center has also encouraged people to donate blood, especially platelets, which are in high demand.
However, the blood center has suspended the donor rewards store “out of an abundance of caution” and cannot process therapeutic donations.
Meanwhile, the AABB Disaster Task Force is mobilizing national resources to replenish OneBlood’s reserves. The blood center is also working with cyber security experts and federal, state, and local agencies to respond to the ransomware attack.
On August 5, OneBlood announced that impacted systems were coming back online with priority given to the “software system used to manage the blood supply.” A day later, the blood center also restored “critical software systems utilized to manage its daily operations.”
“At this time, our processing and distribution of blood products to hospitals is near normal output,” Forbes said.
Medical services targets for cyber attacks
Emergency medical services (EMS) and hospital and clinical services are attractive targets for cyber attacks.
According to Sean Deuby, Principal Technologist at Semperis, cybercriminals will attack any healthcare organization to “make as much revenue as possible, as quickly as possible, without regard to the consequences of their actions.”
In June 2024, Acadian ambulance services suffered a ransomware attack that disrupted certain computer systems and leaked the protected health information of 10 million people. The attack follows similar incidents targeting ambulance services DocGo Inc, Superior Air-Ground Ambulance Service, and MedStar Mobile Healthcare.
However, targeting a non-profit blood distribution center shows that hackers are increasingly desperate to disrupt any healthcare services within reach to capitalize on the suffering of vulnerable individuals.
“Clearly ransomware has evolved from an annoyance to a potentially dangerous threat to human life,” noted Erich Kron, Security Awareness Advocate at KnowBe4. “The attacks on healthcare have shown how little regard these attackers have for human life and safety.”
Meanwhile, no cybercrime group has taken responsibility for the OneBlood ransomware attack or made any ransom demands.