Southeast hospitals impacted by cyberattack on OneBlood; AHA, Health-ISAC post updated advisory on cyberattacks against health care suppliers 

Aug 01, 2024 - 05:02 PM
cybersecurity

OneBlood, a nonprofit organization that provides blood and blood products to health care providers in Florida, Georgia, Alabama, North Carolina and South Carolina, including more than 350 hospitals, July 31 said it is experiencing a ransomware event that is impacting its software system and disrupting some of its operations to deliver blood. 
 
Hospitals have reported that the incident is impacting patient care, and hospitals have put conservation and prioritization strategies in place. OneBlood yesterday said it remains operational and continues to collect, test and distribute blood, but it is operating at a significantly reduced capacity and did not specify a time for restoration. 
 
The AHA has been in touch with leaders at the state hospital associations where hospitals are affected. In addition, AHA remains in close contact with leaders at the Department of Health and Human Services, Food and Drug Administration, other federal agencies and the Association for the Advancement of Blood & Biotherapies. An AABB Interorganizational Disaster Taskforce is coordinating support from other U.S. blood centers to help meet OneBlood's needs.
 
The AHA and the Health Information Sharing and Analysis Center today released an updated bulletin the groups originally shared last month with their member organizations discussing three recent ransomware attacks on OneBlood, Synnovis and Octapharma by Russian cybercrime ransomware gangs and the need for hospitals and health systems to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected health care ecosystem.  
 
“The recent ransomware attack against OneBlood and the previous Russian-connected ransomware group attacks against blood suppliers Synnovis in U.K. and Octapharma in the U.S. have resulted in significant disruption to patient care, including canceled elective surgeries,” said John Riggi, AHA national advisor for cybersecurity and risk. “This incident once again reminds us that any cyberattack against any entity that results in the delay and disruption to life-sustaining care is a threat to life crime. It also reminds us that our cyber adversaries are increasingly and intentionally targeting health care mission-critical and life-critical third-party service providers and supply chain to cause maximum disruption on a regional and field-wide basis. Due to this escalating threat, we continue to strongly recommend that hospitals and health systems identify all of their life-critical and mission-critical third-party service and supply chain providers, and develop business and clinical continuity procedures and supply chain resiliency to sustain a loss of access to those critical services and supplies for 30 days or longer. We are also strongly urging our government partners to do more to disseminate threat intelligence, use all our capabilities to disrupt these actors before they attack, and prepare to provide assistance when an attack does occur. It is clear, based upon this and other recent high-impact ransomware attacks, that our cyber adversaries are intent on disrupting health care delivery on a systemic level.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
North Korean hacker indicted for allegedly extorting U.S. hospitals; agencies issue cyberthreat advisory 
The Department of Justice July 25 announced the indictment of North Korean national Rim Jong Hyok for allegedly conspiring to hack and extort U.S. hospitals…
Headline
CrowdStrike posts preliminary post-incident report on recent global IT outage
The cybersecurity firm CrowdStrike July 24 posted online a preliminary post-incident report  following a non-malicious global technology outage which…
Headline
AHA podcast: Fighting back against cybercriminals who know your vulnerabilities 
There has been a sharp uptick this year in ruthless tactics by cybercriminals, who are now directly threatening patients with the release of sensitive…
Headline
AHA shares new resources and offerings from partners to help bolster cybersecurity efforts
The AHA July 24 shared information and new offerings from some of its private sector partners that can help hospitals and health systems strengthen their…
Headline
Pollack discusses innovation, future of the health care field 
AHA President and CEO Rick Pollack opened the 2024 AHA Leadership Summit in San Diego discussing the similarities of the U.S. Navy Seals to the hospital field…
Headline
CrowdStrike technology outage causing global disruption across industries, including impacts on hospitals and health systems 
A non-malicious global technology outage that began in the early morning of July 19 is continuing to affect many industries and is having varying effects on…