OneBlood, a prominent not-for-profit blood center serving hospitals and patients across the Southeastern United States, is grappling with a significant IT systems outage caused by a ransomware attack. This organization plays a crucial role in maintaining a stable blood supply by collecting, testing, and distributing a substantial volume of blood products. The recent cyberattack has sparked concerns regarding potential disruptions to surgeries and medical treatments that depend on a consistent blood supply.

Incident Overview

According to an anonymous tip received by BleepingComputer, OneBlood has encountered severe issues with blood sample collection at its donor centers and mobile donation buses. The organization has confirmed that a ransomware attack has compromised its software systems, prompting a coordinated response involving local and federal agencies.

OneBlood’s senior vice president, Susan Forbes, stated, “Our comprehensive response efforts are ongoing, and we are working diligently to restore full functionality to our systems as expeditiously as possible.” The organization has resorted to manual processes during this crisis, leading to inevitable challenges in inventory management and availability.

Operational Impact

The ransomware attack, which reportedly occurred over the weekend, targeted OneBlood’s VMware hypervisor infrastructure. This attack vector is particularly disruptive as it affects multiple virtual machines across fewer physical devices, amplifying the impact of the encryption.

As a result of the attack, OneBlood is currently operating at a significantly reduced capacity. The organization has issued a plea for all blood types, emphasizing an urgent need for O Positive, O Negative, and Platelet donations. Over 250 hospitals served by OneBlood have been advised to activate their critical blood shortage protocols to manage the situation effectively.

Response and Mitigation

In response to the disruption, a coalition of blood donation centers, alongside the AABB Disaster Task Force, is redirecting blood products to OneBlood to ensure continuity in supplying hospitals and patients. Despite these efforts, the situation mirrors the recent crisis faced by the UK's National Health Service (NHS), which experienced similar challenges in June 2024 due to a Qilin ransomware attack on pathology provider Synnovis. This attack also led to a critical shortage of O Negative and O Positive blood types, prompting an amber alert from the NHS.

OneBlood has yet to provide detailed information about the ransomware group behind the attack. The organization has pledged to notify potentially impacted individuals and offer credit monitoring services to address any potential data exposure. Additionally, while Donor Rewards remain disabled during the recovery period, the organization has assured that no compromise has occurred regarding donor incentives.