Third ransomware attack on blood suppliers in 3 months

OneBlood has been hit by ransomware, resulting in a massive disruption to patient care. AHA urges health systems and hospitals nationwide to review contingency plans for blood supplies.
By Andrea Fox
12:34 PM

Photo:  jat306/Getty

WHY IT MATTERS

The ransomware attack Wednesday on Orlando-based OneBlood, a blood donation organization that services more than 350 hospitals in the southwest, was the third by Russian-speaking ransomware groups on blood suppliers in recent months. 

"The unique nature and proximity of these ransomware attacks – targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning," the American Hospital Association said Tuesday in an update on its joint threat advisory with Health-ISAC.

While its donation centers are using manual processes to remain operational and continue collecting, testing and distributing blood, capacity is limited, leaving hospitals and patients at risk of reduced blood supplies, OneBlood explained on its ransomware event page.

The blood supplier said to help augment its supply, blood donation organizations nationwide are rallying to assist. There is an urgent need for O-negative, O-positive and platelet donations, and the AABB Disaster Task Force is coordinating resources.

However, the resulting blood shortage after the OneBlood attack has resulted in the Florida Hospital Association recommending that affected hospitals begin to activate critical blood shortage protocols, AHA said Thursday. 

THE LARGER TREND

OneBlood is the third recent blood supplier to experience a cyberattack that takes down its network and systems.

In June, Synnovis, a pathology provider, was attacked by the QiLin ransomware gang, shutting down operations at multiple London hospitals. 

According to the United Kingdom’s National Health Service, the attack delayed more than 800 planned operations, rescheduled 700 outpatient appointments and resulted in thousands of O-negative and O-positive blood donations being destroyed, AHA said.

Back in April, the BlackSuit ransomware gang – which is believed to have attacked Nashville-based Ardent Health Services on Thanksgiving 2023 – took down the blood plasma provider Octapharma through a vulnerable VMWare system, AHA said.

Along with an outage of 190 plasma donation centers in 35 U.S. states, plasma manufacturing facilities closed, delaying the transfer of life-saving plasma to hospitals across the country and the E.U.

While no official connection between the alleged perpetrators of the three recent blood supply attacks has been observed, the increase in ransomware groups targeting third-party infrastructure has deeply punctuated healthcare delivery this year.

Third-party attacks – like the February attack on Change Healthcare that crippled claims payments nationwide – potentially cascade, causing operational disruptions that delay or compromise patient care.

"The attack against Change was the most significant and consequential cyberattack against U.S. healthcare in history," AHA noted in the updated advisory on cyber threats to blood suppliers.

ON THE RECORD

"In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being," Susan Forbes, OneBlood senior vice president of corporate communications and public relations, said in a statement.

"As the healthcare sector begins to become more interconnected with third-party medical suppliers and software providers, these incidents are beginning to have larger impacts on patient care," AHA said in its joint threat bulletin.

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C. Learn more and register.

 

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.