An urgent appeal for blood donations has been issued following a ransomware attack on US blood donation center OneBlood.
The non-profit center, headquartered in Florida, said the cyber-attack is impacting its software system, significantly reducing its capacity to collect, test and distribute blood to hospitals in Southeastern US.
In a statement on July 31, Susan Forbes, Senior Vice President of Corporate Communications and Public Relations at OneBlood, explained: “We have implemented manual processes and procedures to remain operational. Manual processes take significantly longer to perform and impacts inventory availability.”
“In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being,” Forbes added.
All blood types are needed, but there is a particularly urgent need for O Positive, O Negative and Platelet donations, the organization added.
Responding to a comment on its X (formerly Twitter) account, OneBlood said it was currently unable to process therapeutic donations.
Due to our system outage, OneBlood cannot currently process therapeutic donations. Please visit our website for further updates: https://t.co/DCTpAtEW8h
— OneBlood (@my1blood) July 31, 2024
The incident comes just a few days after NHS England issued an Amber Alert for O type blood shortages as a result of the ongoing ransomware attack on UK pathology provider Synnovis, which started in June 2024.
Ransomware Attack Under Investigation
Forbes said OneBlood’s response and remediation efforts are ongoing and it is “working diligently to restore full functionality to our systems as expeditiously as possible.”
The non-profit is also working with cybersecurity specialists and federal, state and local agencies to investigate the full nature and scope of the incident. This includes ascertaining any impact to personal data, such as donor records. It confirmed free credit monitoring services will be offered to anyone whose personal information has been compromised.
OneBlood added that it will provide relevant updates as the investigation continues.
Commenting on the story, Boris Cipot, Senior Security Engineer at the Synopsys Software Integrity Group, said the incident is part of a disturbing trend of ransomware attackers targeting healthcare-related services.
“Typically, ransomware aims to extort money from victims, adding to their financial burdens if the ransom is paid. Was this attack intended to disrupt blood product distribution in Florida, or is financial extortion still the primary motive? Law enforcement and cybersecurity teams now need to determine this,” said Cipot.