Nonprofit blood bank OneBlood, which serves hundreds of U.S. hospitals based in the Southeast region, has been affected by a ransomware attack that has disrupted its software systems.
While the organization remains operational and is continuing to collect, test, and distribute blood, it is running at a “significantly reduced capacity” following the ransomware attack, the group said in a July 31 statement. To mitigate disruptions, the blood bank has implemented “manual processes and procedures to remain operational,” Susan Forbes, OneBlood senior vice president of corporate communications and public relations, said.
However, “manual processes take significantly longer to perform and impacts inventory availability,” she said.
“In an effort to further manage the blood supply, we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being,” Forbes said.
Blood centers nationwide are sending blood and platelets to OneBlood to help augment supply, according to the blood bank. It said there was an “urgent need” for O negative, O positive, and platelet donations.
OneBlood serves 355 hospitals across Alabama, Florida, North Carolina, South Carolina, and Virginia.
“The blood supply cannot be taken for granted. The situation we are dealing with is ongoing. If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible,” Forbes said.
The ransomware attack on OneBlood is the latest in a series of hacking attempts targeting U.S. health care facilities.
During a House hearing in May, the company’s CEO said an estimated one-third of Americans could have had their sensitive health information leaked to the dark web. He said the company paid the hackers $22 million in bitcoin as ransom.
Health Care Sector Cyber Risk
According to a June report by data security company SecurityScorecard, 35 percent of third-party data breaches in the United States last year affected health care organizations, “outpacing every other sector.”“The supplier ecosystem is a highly desirable target for ransomware groups. Attackers can infiltrate hundreds of organizations through a single vulnerability without being detected,” SecurityScorecard said in a statement about the report.
The company scored the U.S. health care industry “B+” for cybersecurity capabilities for the first half of 2024. While ratings were “better than expected,” the firm noted that there was still room for improvement, according to the statement.
Organizations that have a rating of B are 2.9 times more likely to be victims of data breaches than entities with an A rating, SecurityScorecard said.
The data security company found that app security flaws were one of the biggest vulnerabilities among health care organizations, according to the statement. With the Change Healthcare hack costing some companies $1 million a day, executives are placing more stress on cybersecurity measures, SecurityScorecard said.
The White House convened a meeting of top executives from the health care sector in May to seek solutions to boosting cybersecurity. The same month, the Advanced Research Projects Agency for Health launched a program that will invest more than $50 million to create tools that can be used by IT teams to better defend hospital networks.
Cyberattacks against the U.S. health care system jumped by 128 percent from 2022 to 2023, according to the White House. These incidents can be especially disruptive to hospitals in the rural regions that service 60 million Americans.
“Most rural hospitals are critical access hospitals, meaning they are located more than 35 miles from another hospital, which makes diversions of patients and staffing-intensive manual workarounds in response to attacks more difficult,” the White House said in a statement.
It stated that it has “received commitments from leading U.S. technology providers to provide free and low-cost resources for all 1,800–2,100 rural hospitals across the nation.”
