Southeast hospitals impacted by cyberattack on OneBlood; AHA, Health-ISAC post updated advisory on cyberattacks against health care suppliers

OneBlood, a nonprofit organization that provides blood and blood products to health care providers in Florida, Georgia, Alabama, North Carolina and South Carolina, including more than 350 hospitals, July 31 said it is experiencing a ransomware event that is impacting its software system and disrupting some of its operations to deliver blood.

Hospitals have reported that the incident is impacting patient care, and hospitals have put conservation and prioritization strategies in place. OneBlood yesterday said it remains operational and continues to collect, test and distribute blood, but it is operating at a significantly reduced capacity and did not specify a time for restoration.

The AHA has been in touch with leaders at the state hospital associations where hospitals are affected. In addition, AHA remains in close contact with leaders at the Department of Health and Human Services, Food and Drug Administration, other federal agencies and the Association for the Advancement of Blood & Biotherapies. An AABB Interorganizational Disaster Taskforce is coordinating support from other U.S. blood centers to help meet OneBlood's needs.

The AHA and the Health Information Sharing and Analysis Center today released an updated bulletin the groups originally shared last month with their member organizations discussing three recent ransomware attacks on OneBlood, Synnovis and Octapharma by Russian cybercrime ransomware gangs and the need for hospitals and health systems to incorporate mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected health care ecosystem.

"The recent ransomware attack against OneBlood and the previous Russian-connected ransomware group attacks against blood suppliers Synnovis in U.K. and Octapharma in the U.S. have resulted in significant disruption to patient care, including canceled elective surgeries," said John Riggi, AHA national advisor for cybersecurity and risk. "This incident once again reminds us that any cyberattack against any entity that results in the delay and disruption to life-sustaining care is a threat to life crime. It also reminds us that our cyber adversaries are increasingly and intentionally targeting health care mission-critical and life-critical third-party service providers and supply chain to cause maximum disruption on a regional and field-wide basis. Due to this escalating threat, we continue to strongly recommend that hospitals and health systems identify all of their life-critical and mission-critical third-party service and supply chain providers, and develop business and clinical continuity procedures and supply chain resiliency to sustain a loss of access to those critical services and supplies for 30 days or longer. We are also strongly urging our government partners to do more to disseminate threat intelligence, use all our capabilities to disrupt these actors before they attack, and prepare to provide assistance when an attack does occur. It is clear, based upon this and other recent high-impact ransomware attacks, that our cyber adversaries are intent on disrupting health care delivery on a systemic level."

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.