The not-for-profit blood center experienced downed operations that directly impacted patient care.
A Massive Breach
On August 4th, OneBlood, a non-profit blood center that serves over 250 hospitals across the southeastern United States, announced that they were in the midst of a ransomware attack.
According to their announcement, the attack first began on July 29th, when OneBlood started losing access to several of their critical systems. The attack specifically impacted OneBlood’s ability to ship correctly-labeled blood products.
“Our critical software systems have cleared re-verification and are operating in a reduced capacity,” said Susan Forbes when the attack began, OneBlood’s senior vice president of corporate communications and public relations.
As soon as the attack occurred, OneBlood began implementing its downed operations procedures, which involved a manual process of labeling blood. According to Forbes, “Manual processes take longer to perform. We felt the impact of this the most when it came to labeling blood for release to hospitals.”
Despite the challenges, OneBlood remained operational–blood drives continued, donor centers remained open, and OneBlood continued to serve hospitals.
Over the last few weeks, the organization has begun to return to its normal operating procedures. As of August 12th, they are back to regular operations.
An Already Critical Shortage
For OneBlood, the attack could not have come at a worse time–Florida was in the midst of tropical storm Debby and the blood center was desperately seeking platelet donations.
According to another organization, the American Red Cross, it’s estimated that while 62% of Americans are eligible to give blood, only 3% donate. Although blood donations are always needed, there tend to be specific shortages in the summer and winter months. In January of 2024, the American Red Cross declared a national emergency due to the shortage, stating donation numbers were lower than they had been in the last 20 years.
During the attack on OneBlood, the organization had to move to a paper process for registration. While they have now returned to an electronic registration process for donors, these disruptions can have a direct impact on donations, and ultimately, the ability for eligible patients to receive blood. Without blood, treatments can be delayed or changed.
As soon as the attack hit OneBlood, some hospitals began using blood conservation protocols. According to a local news report, Tallahassee Memorial Healthcare began monitoring its blood inventory levels while evaluating other potential suppliers. The hospital ultimately rescheduled two complex elective surgeries. The hospital formalized an agreement with another blood distributor to help meet needs.
Thankfully, OneBlood responded relatively quickly to the attack, mitigating potential harms and delays caused by the shortage. “All blood products are available and we are filling orders as requested by hospitals. Our priority was to bring our critical software systems utilized for managing our daily operations and the blood supply back online and we have done that,” said Forbes.
A New Trend
Unfortunately, reports reveal that attacks on blood banks could be part of an unsettling new trend. The American Hospital Association (AHA) and Health-ISAC released a joint statement outlining an increased concern for blood donation centers.
The statement discussed 3 recent attacks on blood centers, including OneBlood.
Other attacks included one against Octapharma, a blood plasma provider. In late April, Octapharma was attacked by the Russian-speaking ransomware gang BlackSuit. The center was forced to go offline and close 176 plasma donation centers across the United States between April 17th and April 25th, resulting in major disruptions to healthcare. The gang also stole donor information and Protected Health Information (PHI).
Another attack occurred on June 3rd, this time against a United Kingdom pathology provider, Synnovis. This attack delayed more than 800 planned operations and 700 outpatient appointments. It also wasted thousands of blood donations, which were unable to be correctly identified due to downed operations.
According to the AHA, these attacks appear to be unrelated. “However, the unique nature and proximity of these ransomware attacks–targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning,” read the AHA’s brief.
John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said, “There appears to be a shift in pattern here, or a trend emerging, where Russan ransomware groups may be targeting life-critical and mission-critical supply chain[s], including blood supply…It’s the equivalent of a life-threatening extortion.”
While the attacks occurred at different times, if they were to take place at the same time, patient care would be heavily impacted.
What We’ve Learned
Fortunately, OneBlood was able to quickly respond to the attack and implement procedures for downtime operations.
The AHA recommends all blood centers consider their supply chain and how they will continue meeting critical needs in the event of a breach. Hospitals should also consider or incorporate alternative supplies for blood.
Currently, OneBlood has declined to comment on the specifics of the attack. On their FAQ page, OneBlood says they are “currently working with cyber security specialists and are committed to implementing enhanced precautions should they be recommended. The safety and data security of donors, team members, hospital partners and their patients, and the blood supply are our utmost priorities. OneBlood is committed to protecting the safety of the blood supply and the integrity of our lifesaving mission.”
The incident serves as a reminder that data breaches can have a direct impact on patient care. Emergency response and operating procedures are a necessity. Furthermore, organizations should regularly perform risk assessments to determine potential vulnerabilities.
How Cloudticity Can Help
Data shows breaches continue to increase, with potentially devastating consequences for healthcare organizations and their patients. Not only are hospitals and healthcare organizations heavily targeted, but so are the many third parties, like blood centers, they are reliant on.
These organizations handle vast amounts of sensitive and valuable data, making them heavily targeted by malicious actors. Despite the threat, a shortage of cybersecurity experts leaves institutions vulnerable and ill-prepared.
That’s where Cloudticity comes in. As a HITRUST certified organization with over 10 years as a leader in managed security for healthcare, we’ve never suffered a data breach. We use a proven security tech stack with the best cybersecurity experts, ensuring your data is safe and any vulnerabilities are promptly addressed.
While attacks, and the associated costs, are rising, Cloudticity helps organizations focus their resources on serving patients instead of security concerns.
If you want to learn more about how we can help protect your organization from ransomware, reach out for a free consultation today.