OneBlood, a nonprofit blood donation organization based in Florida, encountered a ransomware attack that is impacting its capability to supply blood to hospitals in the U.S. OneBlood supplies blood to about 250 hospitals in Alabama, Georgia, Florida, and South and North Carolina. On July 31, 2024, OneBlood announced that it suffered a ransomware attack that impacted its software program. OneBlood stated it did not stop operations and is still collecting, testing, and distributing blood; however, it uses manual steps and procedures that take more time, therefore it is presently operating at a considerably lower capacity.
Because of the restricted operational capability, OneBlood has advised all 250 partner hospitals to apply their critical blood shortage practices and to stay in that status until the remediation of the ransomware attack. AdventHealth in Florida was one of the impacted health systems, which has affirmed that it has imposed its blood conservation practices. To help avoid the shortage of blood, the national blood community is working to aid OneBlood and the 250 hospitals by providing blood and platelets.
OneBlood stated all blood types are needed; however, there is an immediate requirement for O-positive and O-negative blood and platelets. Donations and donors are being prompted to visit the hospitals and donate blood without delay. The AABB Disaster Task Force National is coordinating resources and directing more blood supplies to OneBlood.
OneBlood has involved cybersecurity professionals to help with the ransomware attack investigation and determine its extent. At this early phase of the investigation, it isn’t possible to say to what degree, if any, donor data was acquired by the threat actors or if there’s any HIPAA law violation. More information will be published as the investigation moves along and if donor details are affected, the organization will issue notifications to the impacted persons.
According to Bleeping Computer, the attack involved the encryption of files stored on OneBlood’s VMware hypervisor infrastructure. The organization is working 24/7 to re-establish its software programs. RansomHub group is alleged of being responsible for the attack but the group has not confirmed this yet. RansomHub is known to conduct attacks on healthcare companies and has lately targeted the Rite Aid chain of pharmacies, American Clinical Solutions (ACS) in Florida, the Florida Department of Health, the NRS Healthcare based in the U.K., and the Baim Institute for Clinical Research in Boston. Although RansomHub was not responsible for the Change Healthcare ransomware attack, it made an extortion attempt after getting a copy of the stolen data.
There were other recent ransomware attacks on healthcare companies that have prompted the lack of blood supplies. On June 3, 2024, the Qilin ransomware group executed a ransomware attack on Synnovis, which is the National Health Service (NHS) pathology services provider in the U.K. The attack resulted in disruption to blood transfusions in London. Because automated processes were down, Synnovis’ operation was greatly diminished and the attack resulted in blood shortages that are still ongoing.
The hospitals that use Synnovis services were told to use O Type blood for emergency cases only and to utilize substitutions whenever it was okay to do so. Synnovis has already announced the restoration of its systems, but it is expected that its blood transfusion services will still experience disruption throughout the summer. Complete recovery may be in the beginning of autumn. One more ransomware attack impacted the U.S. operations of OctaPharma Plasma, a Swiss pharma company, which runs over 190 donation facilities in 35 states. The ransomware attack is believed to have been performed by the BlackSuit ransomware group and compelled OctaPharma Plasma to close its donation centers for a few weeks.