Cyber Incident Victim: OneBlood
Date:
Jul 2024
Location:
United States of America
Summary
A ransomware attack disrupted the software systems of a nonprofit blood center serving hospitals across multiple southeastern states, forcing operational reliance on manual processes that significantly reduced capacity and inventory availability. The organization requested over 250 hospitals to activate critical blood shortage protocols while coordinating with cybersecurity experts, law enforcement, and receiving nationwide support from other blood centers to supplement urgent needs for specific blood types and platelets.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
OneBlood, a not-for-profit blood center serving hospitals across the southeastern United States, experienced a ransomware event impacting its software systems beginning in early July 2024. The organization confirmed the incident publicly on July 1, 2024, stating it had engaged cybersecurity specialists and initiated coordination with federal, state, and local agencies as part of its response. Internal teams acted swiftly to assess system compromises and determine the scope of the disruption, though specific technical details regarding the attack vector or ransomware variant were not disclosed. Operational continuity was maintained through manual processes for blood collection, testing, and distribution, though these workarounds substantially reduced processing efficiency. The nonprofit serves over 250 hospitals across Alabama, Florida, Georgia, North Carolina, and South Carolina, all of which were instructed to activate critical blood shortage protocols due to constrained inventory availability. Health sector cybersecurity monitors, including the Health Information Sharing and Analysis Center, issued advisories noting the outage’s particular impact on Florida’s blood product distribution, with OneBlood manually labeling blood shipments during recovery efforts.
The ransomware attack forced OneBlood into prolonged contingency operations, significantly delaying routine procedures and diminishing blood supply reserves despite continued donor collections. Susan Forbes, the organization’s senior vice president of corporate communications, emphasized the sustained operational strain, noting manual workflows required considerably more time than automated systems. National blood industry partners mobilized to mitigate shortages, with multiple blood centers shipping emergency supplies of blood and platelets to OneBlood under coordination by the AABB Disaster Task Force. Public appeals urgently requested donations of O Positive, O Negative, and Platelet units to address critical deficits. While law enforcement agencies investigated the incident as a potential ransomware attack, OneBlood maintained focus on restoring full system functionality without confirming whether data exfiltration occurred or if ransom demands were issued. The organization reiterated its operational status throughout the incident but acknowledged persistent capacity limitations affecting hospital services across its multi-state service area.