Cybercriminals Target OneBlood: Blood Supply Chain Threatened

CVE-2024-1212 Vulnerability

The nonprofit organization OneBlood, which supplies donor blood to over 250 hospitals in the United States, finds itself in a challenging situation. Hackers attacked its computer system with ransomware, significantly hindering OneBlood’s ability to collect, analyze, and distribute blood.

According to OneBlood spokesperson Susan Forbes, the attack disrupted the organization’s software operations. As a result, OneBlood had to resort to manual processes to continue its activities. The company serves medical facilities in four states: Florida, Georgia, North Carolina, and South Carolina.

To address the issue, other blood centers across the country have started supplying blood and platelets to OneBlood. The AABB Emergency Task Force has taken charge of coordinating these efforts. OneBlood particularly highlights the urgent need for donors with O positive and O negative blood types, as well as platelet donors.

The organization is currently collaborating with cybersecurity experts and government agencies to mitigate the aftermath of the intrusion. Forbes stated that specialists are doing everything possible to restore full system functionality as swiftly as possible.

It remains unknown who is behind this attack, which specific data might have been stolen, or whether the perpetrators have made any ransom demands. OneBlood stores various information about its donors, including medical history, blood type, and test results. On its website, the organization reports that it currently has no additional information regarding a potential data breach.

While no group has yet claimed responsibility for the attack, it resembles the recent ransomware incident involving Qilin, which targeted Synnovis, a laboratory service provider for NHS England, in June. That attack led to the cancellation of blood transfusions and surgeries in London hospitals.

In the same month, the U.S. Department of Health and Human Services issued a warning about the Qilin group, linking it to at least 15 attacks on healthcare institutions since October 2022. About half of these incidents targeted organizations in the U.S., including those in Florida and Georgia, states served by OneBlood.

Related Posts: