A ransomware attack on blood donation nonprofit OneBlood this week is forcing many hospitals across the southeastern U.S. to rely on their critical blood supplies and host last-minute blood drives.
OneBlood provides blood samples to more than 300 hospitals in Georgia, Florida and the Carolinas, and some hospitals may need to delay certain procedures until the blood supply is back to normal.
Susan Forbes, a spokesperson for OneBlood, told Axios on Thursday that the nonprofit’s online infrastructure systems are “starting to come back online,” noting that they’ll soon be able to return to the critical online tools they use to label donated blood.
OneBlood first detected the ransomware attack on Monday, and ever since, the nonprofit has had to rely on manual processes — like printing out its own labels and having donors fill out paper forms — to ship donations to hospitals.
In the last few days, the nonprofit has brought in more people, printers and other systems to more quickly label blood samples as required under FDA regulations, Forbes said.
“Donors are coming in,” she said. “It’s getting the product out the door to the hospital — there’s the delay in that because of the manual processes to label these products.”
Earlier this week, the nonprofit urged more than 250 hospital partners to activate their critical blood shortage protocols.
Other blood banks have started helping out local hospitals to fill in the gaps. But “there’s only so much blood to go around,” Forbes said.
At Tallahassee Memorial HealthCare, at least two complex elective surgeries were rescheduled Wednesday, and the hospital is actively seeking additional blood supply sources, according to WCTV.
The University of Miami health system hosted a blood drive Thursday to help supplement supplies to local hospitals.
Ransomware attacks against U.S. health care systems are getting worse, Allan Liska, a ransomware analyst at Recorded Future, told Axios.
Cybersecurity firm Check Point Software Technologies estimates that health care organizations face an average of 1,671 attacks per week.
“Just because the ransomware actor didn’t pull the trigger doesn’t mean they weren’t indirectly responsible for the death of a patient,” Liska said.
Anyone arguing that ransomware doesn’t lead to patient death “is just wrong,” he added.
