US blood donation group hit by ransomware attack

Binary code in red lettering displayed on a computer screen denoting a cyber attack or malware infection.
(Image credit: Getty Images)

US blood donation non-profit OneBlood has fallen victim to a ransomware attack that's left it operating at a significantly reduced capacity.

OneBlood provides blood to more than 250 hospitals in Alabama, Florida, North Carolina, South Carolina and Georgia. It said these hospitals have been asked to activate their critical blood shortage protocols, and that it's been sourcing supplies from blood centers elsewhere. Nevertheless, surgeries may have to be postponed.

It said it's working closely with cybersecurity specialists, as well as federal, state and local agencies, to resolve the problem, and hopes it can get all its systems up and running again soon.

"We have implemented manual processes and procedures to remain operational. Manual processes take significantly longer to perform and impact inventory availability," said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.

"In an effort to further manage the blood supply, we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being."

There's no information on what the attack actually involved, nor on who was responsible. But, Adam Brown, managing security consultant at the Synopsys Software Integrity Group, said there's a fair chance that it involved unsecured infrastructure such as remote desktops, social engineering such as phishing, and, ultimately, software security vulnerabilities.

An attacker will make use of known or unknown - zero-day - vulnerabilities once they have a foothold, so regardless of the way in, software security, or lack of it, is implicit," he said.

"Understanding the software firms develop, maintain, or simply operate in order to have the best defense against this kind of attack. Team education, architectural understanding via threat modeling, code and composition analysis, and implementation assessments environment are all important domains to address."

So far, OneBlood hasn't established what data has been accessed. If any personal information has been leaked, it says, it will provide credit monitoring services to those affected.

It's not clear whether a ransom has been paid.

RELATED WHITEPAPER

"Ransomware attacks are a long-standing and continuously evolving problem, a problem that society has still not gotten to grips with. In part, this is because it's a contentious topic: do governments ban paying ransoms; if so, they risk law-abiding businesses disappearing overnight," said Adam Pilton, senior cybersecurity consultant at CyberSmart.

"But this is only one side of the debate: we must look at prevention and consider if mandatory cyber security controls should be enforced, for example, should all businesses have government backed controls in place such as the UK enforcing cyber essentials?"

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.