OneBlood, a non-profit blood bank serving over 300 U.S. hospitals, suffered a ransomware attack that disrupted its medical operations.
OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients.
A disruptive ransomware attack hit OneBlood and disrupted its medical operations. OneBlood is still operational and continues its activities, but is functioning at a significantly reduced capacity.
The organization is remediating and investigating the security breach with the help of cyber security specialists, along with federal, state and local agencies.
“OneBlood, the not-for-profit blood center serving much of the southeastern United States is experiencing a ransomware event that is impacting its software system.” reads the statement published by the organization.
“We have implemented manual processes and procedures to remain operational. Manual processes take significantly longer to perform and impacts inventory availability. In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.
The organization did not provide details about the attack, such as the malware family that infected its systems and if it had suffered a data breach.
Unfortunately, the attacks against US hospitals and healthcare organizations are growing. In July, the LockBit ransomware group breached another hospital in the United States, the victim is the Fairfield Memorial Hospital in Illinois.
The ransomware group also claimed responsibility for the hack of other hospitals, including the Merryman House Domestic Crisis Center, and the Florida Department of Health.
In the same period, Wayne Memorial Hospital in Pennsylvania was the victim of a cyber attack, Monti gang claimed to have hacked the healthcare infrastructure.
In February the Lurie Children’s Hospital in Chicago took IT systems offline after a cyberattack. The security incident severely impacted normal operations also causing the delay of medical care.
Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.
In early November 2023, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limiting the operability of its phone system. The hospital immediately removed network connectivity and continued to provide most routine services.
The facility operates as a Critical Access Hospital and a Rural Health Clinic serving rural West Texas.
In November 2023, the Lorenz extortion group leaked the data stolen from the Texas-based Cogdell Memorial Hospital.
Cyber attacks against hospitals are very dangerous, and despite major ransomware gangs imposing restrictions on their affiliates to avoid targeting them, many incidents have recently made headlines.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Fairfield Memorial Hospital)