Ransomware infection cuts off blood supply to 250+ hospitals

Scumbags go for the jugular


A ransomware attack against blood-donation nonprofit OneBlood, which services more than 250 American hospitals, has "significantly reduced" the org's ability to take, test, and distribute blood.

In a notice today, OneBlood revealed the intrusion disrupted a "software system," and had forced the organization to use manual processes and procedures to remain operational. The outfit provides blood for healthcare facilities across Florida, Georgia, North Carolina, and South Carolina.

"Manual processes take significantly longer to perform and impact inventory availability," OneBlood spokesperson Susan Forbes explained in a statement.

"In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being."

Other blood centers across the US are sending blood and platelets to OneBlood, with the AABB Disaster Task Force coordinating the national response. And while all blood types are in demand, the nonprofit says there's an urgent need for O Positive, O Negative, and platelet donations.

The org is working with cybersecurity specialists and government agencies to respond to the intrusion. While the spokesperson didn't indicate a timeframe to recover the infected computer system, Forbes said incident responders are "working diligently to restore full functionality to our systems as expeditiously as possible."

Forbes didn't immediately respond to The Register's questions – including how the intruders gained access to the blood bank's network, who was responsible for the ransomware infection, and whether they demanded a payment from the nonprofit. It's also unclear if any sensitive information was stolen.

When giving blood at one of the organization's centers, donors are asked about their medical history, blood type, test results, and other personal details. 

In a Q&A section on the website, under "Has my personal data been compromised?" the nonprofit says only that it "does not have additional information at this time and will provide relevant updates as the investigation continues."

So far, it doesn't appear that any of the usual suspects have claimed responsibility for the intrusion. The ransomware infection does, however, sound similar to the Qilin attack against NHS England pathology services provider Synnovis in June. 

That incident canceled blood transfusions and surgeries at London hospitals and incurred the wrath of both UK and US police. 

Also in June, the US Department of Health and Human Services issued a warning [PDF] about Qilin, and pinned at least 15 healthcare sector infections since October 2022 on that particular gang. About half of these were targeting American organizations in Indiana, Florida, Ohio, Georgia, Minnesota, Nevada, and Arizona. ®
