Ransomware attack hits Florida blood donation center that services more than 350 hospitals
A cyberattack on the nonprofit blood donation center OneBlood is stifling operations at an organization that normally services more than 350 hospitals across four states, the organization announced on Wednesday.
The breach, which was first reported by CNN, targeted OneBlood's software system and is being investigated as a ransomware event — where hackers break into a company's online network and essentially block access to important files until a ransom is paid.
OneBlood, which is based in Orlando, said it is working with cybersecurity specialists as well as federal, state and local authorities as they move ahead with a "comprehensive response" to the attack. While donation centers are continuing to collect, test and distribute blood, the organization noted that "they are operating at a significantly reduced capacity."
"OneBlood takes the security of our network extremely seriously. Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event," said Susan Forbes, the senior vice president of corporate communications and public relations at OneBlood, in a statement. "Our comprehensive response efforts are ongoing and we are working diligently to restore full functionality to our systems as expeditiously as possible."
In the meantime, Forbes said that OneBlood is carrying out normal operations and procedures manually, to the extent that's feasible.
Errol Weiss, chief security officer at the Health Information Sharing and Analysis Center, told CBS News on Wednesday that OneBlood told the Florida Hospital Association that it doesn't have a timeline for restoring digital operations in the wake of the hack, which may have started to affect the organization's software system as far back as Sunday. By Tuesday, the system outage was already interrupting blood product shipments from OneBlood to its partners in Florida, Weiss said. At the time, the association said OneBlood had begun to manually label blood donations and had a plan in place to expedite that process, according to Weiss.
Because the work takes much longer to perform manually than it would with the organization's digital system up and running, OneBlood has less inventory than usual to distribute out to its partners and is urging more people to donate.
"In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being," Forbes said. "The blood supply cannot be taken for granted. The situation we are dealing with is ongoing. If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible."
With donation centers scattered across the southeastern United States, OneBlood's supplies usually support 355 hospitals in Florida, Georgia and the Carolinas, according to the organization. To help make up for the current loss, OneBlood said it's partnering with blood centers across the country and a national disaster task force that will send additional blood, platelets and other blood products. They are calling for people of all blood types to donate, but O Positive and O Negative blood types as well as platelets are particularly crucial. Donors can find the nearest OneBlood center here.
U.S. authorities and security researchers alike have warned that ransomware attacks like these are becoming more common, and they often impact health and medical institutions like hospitals and pharmacies. A cyberattack in the U.K. recently depleted stocks of O-type blood.