Fraud Management & Cybercrime , Healthcare , Industry Specific

Ransomware Hit on Florida Blood Center Affects Supplies

OneBlood Is Urging Hundreds of Hospitals to Activate Shortage Protocols
Ransomware Hit on Florida Blood Center Affects Supplies
OneBlood said it is dealing with a ransomware attack that has forced it to resort to slower manual processes that are affecting blood collection and inventory. (Image: OneBlood)

A Florida-based blood donation center is urging hundreds of hospitals in the southeastern United States to activate critical blood shortage protocols as the nonprofit organization deals with a ransomware attack that's disrupting its blood collection, inventory and related processes.

See Also: Advancing Cyber Resiliency With Proactive Data Risk Reduction

U.S. federal authorities suspect Russian-speaking ransomware-as-a-service gang RansomHub is behind the attack on Orlando-based OneBlood.

OneBlood in a statement Wednesday on its website said it continues to collect, test and distribute blood but that the manual processes and procedures it implemented in order to remain operational during the incident take "significantly longer," reducing the center's capacity and blood inventory availability.

"In an effort to further manage the blood supply, we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being."

Other centers are sending blood to make up for the shortfall, but the center said it still has an urgent need for type O blood donations and platelets. Type O negative blood is known as the universal blood donor type since first responders can safely administer to it anyone.

RansomHub has been involved in a series of cyberattacks and data theft incidents in the healthcare sector, including an attack that potentially compromised the information of more than 2 million customers of pharmacy chain giant Rite Aid (see: Rite Aid Says Ransomware Group Stole 2.2 Million Customers' Data).

OneBlood said it is working "around the clock" with cybersecurity experts to determine the scope of the incident, including whether any data was compromised in the attack.

Many blood suppliers are regional and non-profit, said David Finn, an executive vice president at security firm First Health Advisory. "They've likely never felt any pressure to invest in security, redundancy, or time to develop down-time procedures, let alone emergency communications to their customers.

"They need to start getting ready for cyber resilience now and into the coming year. I see no letup in this activity."

Blood Supply Disruptions

AdventHealth, which operates several hospitals in Florida, is among those affected by the OneBlood incident. "We have implemented blood conservation protocols to ensure our patients receive the care they need, and are taking steps to proactively respond to this rapidly evolving situation," said an AdventHealth spokesman.

The attack on OneBlood comes on the heels of at least two similar attacks on blood supply and services organizations.

An April attack on Octapharma Plasma, the U.S. operations of a Swiss pharmaceutical maker, shut down nearly 200 blood plasma donation centers for several days. The Russian-speaking ransomware gang BlackSuit is suspected to be the perpetrator (see: Suspected Attack Shuts Down US Blood Plasma Donation Centers).*

A June attack on Synnovis, a British pathology laboratory services provider, disrupted patient care and testing services at several London-based National Health System hospitals and other care facilities, ultimately affecting the United Kingdom's blood supplies.

The NHS Blood and Transplant service last Thursday issued an Amber Alert to hospitals stating that the combination of the Synnovis cyberattack and reduced blood collections "caused stocks of blood to drop to unprecedentedly low levels" (see: UK Blood Stocks Drop After Ransomware Hack).

Russian-speaking ransomware group Qilin claimed responsibility for the Synnovis attack. The group leaked nearly 4 gigabytes of stolen Synnovis and NHS data in late June after the medical laboratory did not pay a ransom demand of $50 million (see: Qilin Ransomware Group Leaks NHS Data).

In the Bullseye

Hackers appear to be sharpening their aim on healthcare sector targets, some experts said.

"For quite some time, we believed cybercriminals used a shotgun approach to ransomware campaigns," said Errol Weiss, chief security officer of the Health Information Sharing and Analysis Center.

"That is, the cybercriminals blast millions of phishing emails out at a time with the hopes some victims will click on the malicious links. I'm not so sure that's true anymore since we've seen critical supply chain impacts in healthcare following three Russian ransomware attacks just this year," he said.

"Now that three critical supply chain attacks have significantly impacted healthcare delivery recently, it should serve as a wake-up call across the industry. It's not just about cybersecurity anymore. We also need to invest in resilience."

Organizations should prioritize applying risk management assessment principles to their critical suppliers and partners, Weiss said. "Consider supply chain outages and availability. Identify alternative suppliers or use multiple suppliers to create redundancy. The idea is to eliminate the single points of failure in healthcare supply chains and minimize disruptions to healthcare delivery in the event of ransomware attacks on critical suppliers."

Healthcare organizations should not pay a ransom "unless it's a matter of life and death," said Sean Deuby, principal technologist at security firm Semperis.

"No organization can pay their way out of ransomware," he said, pointing to a Semperis global ransomware study released on Tuesday that says 35% of companies that paid a ransom either didn’t receive decryption keys or received corrupted keys.

"Paying only emboldens the ransomware gangs, and it further fuels the ransomware economy. Today, there's no silver bullet that will solve the cybersecurity challenges facing most healthcare organizations."

In fact, healthcare organizations are paying ransoms at a less frequent pace than other organizations, Deuby said. The Semperis study says that 66% of hospitals paid a ransom when attacked, below the global average of 72%.

Corrected on Aug. 1, 2024 UTC 18:29 to reflect that Octapharma Plasma's IT operations was affected for several days, not weeks, as a result of its April cyberattack.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.