Ransomware, Critical Infrastructure Security

There will (not) be blood: OneBlood hit by ransomware attack

Share
Human blood in blood donation

Blood donation service OneBlood said it is struggling to get its IT network back online following a ransomware attack.

The organization issued an emergency call for blood donations on Wednesday as it struggled to get its internal systems up and running. The organization said that while its blood donation and distribution platforms were still operational, the ransomware infection has slowed things to a crawl and created the need for new donations to make up the difference.

“OneBlood takes the security of our network extremely seriously. Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.

“Our comprehensive response efforts are ongoing and we are working diligently to restore full functionality to our systems as expeditiously as possible.”

Operating primarily in the U.S., OneBlood operates mobile donation centers and run blood drives primarily in the South. The group said it has some 250 hospitals in the region that take its blood donations.

OneBlood advised those hospitals to enact their critical blood shortage protocols and reach out the public for donations. In particular, they asked for donations of platelets as well as blood types O-positive and O-negative.

“The blood supply cannot be taken for granted. The situation we are dealing with is ongoing,” said Forbes. 

“If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible.”

The non-profit said it has not yet determined what personal data on donors may have been compromised in the attack, and has not provided any information on who the perpetrators are or what they have demanded.

Industry experts said the attack underscored the growing threat that criminal hackers pose to the healthcare industry. Erich Kron, security awareness advocate at KnowBe4, noted that while the impact of the attack could have been worse, it should still provide a stark reminder that cybercriminals are becoming more audacious when it comes to targeting healthcare.

“Clearly ransomware has evolved from an annoyance to a potentially dangerous threat to human life. The attacks on healthcare have shown how little regard these attackers have for human life and safety,” Kron said in a statement to CyberRisk Alliance.

“In this case, the organization is able to fall back to manual procedures, however even with that in place, not only is it significantly slower, but the potential for human error when processing the blood is naturally increased, increasing risk to patients who receive it.”

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Shaun Nichols

A career IT news journalist, Shaun has spent 17 years covering the industry with a specialty in the cybersecurity field.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.