Blood donation service OneBlood said it is struggling to get its IT network back online following a ransomware attack.
The organization issued an emergency call for blood donations on Wednesday as it struggled to get its internal systems up and running. The organization said that while its blood donation and distribution platforms were still operational, the ransomware infection has slowed things to a crawl and created the need for new donations to make up the difference.
“OneBlood takes the security of our network extremely seriously. Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.
“Our comprehensive response efforts are ongoing and we are working diligently to restore full functionality to our systems as expeditiously as possible.”
Operating primarily in the U.S., OneBlood operates mobile donation centers and run blood drives primarily in the South. The group said it has some 250 hospitals in the region that take its blood donations.
OneBlood advised those hospitals to enact their critical blood shortage protocols and reach out the public for donations. In particular, they asked for donations of platelets as well as blood types O-positive and O-negative.
“The blood supply cannot be taken for granted. The situation we are dealing with is ongoing,” said Forbes.
“If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible.”
The non-profit said it has not yet determined what personal data on donors may have been compromised in the attack, and has not provided any information on who the perpetrators are or what they have demanded.
Industry experts said the attack underscored the growing threat that criminal hackers pose to the healthcare industry. Erich Kron, security awareness advocate at KnowBe4, noted that while the impact of the attack could have been worse, it should still provide a stark reminder that cybercriminals are becoming more audacious when it comes to targeting healthcare.
“Clearly ransomware has evolved from an annoyance to a potentially dangerous threat to human life. The attacks on healthcare have shown how little regard these attackers have for human life and safety,” Kron said in a statement to CyberRisk Alliance.
“In this case, the organization is able to fall back to manual procedures, however even with that in place, not only is it significantly slower, but the potential for human error when processing the blood is naturally increased, increasing risk to patients who receive it.”