The New York Blood Center (NYBC), a major player in blood collection and distribution, encountered a ransomware attack that has led to the rescheduling of some donation appointments. This organization, which gathers close to 4,000 blood units daily, serves a vast population across more than a dozen states and collaborates with over 500 hospitals nationally.

Impact and Response

NYBC discovered the suspicious activity on its IT infrastructure over the weekend, promptly engaging external cybersecurity professionals to scrutinize the incident. The investigation confirmed the ransomware attack, prompting immediate actions such as taking critical systems offline to contain the threat. Efforts are underway, alongside these experts, to restore normal operations safely and swiftly.

Operational Disruptions

The organization continues to accept blood donations but warns that some may need to be rescheduled due to operational interruptions. Despite this challenge, NYBC canceled some blood donor engagements following the attack, which coincided with a declared blood emergency due to significantly reduced donations.

Data Privacy Concerns

As of now, there have been no disclosures regarding the breach of donor personal or health information. However, it is common for ransomware groups to exfiltrate data before encryption, aiming to use it as leverage for extortion. The absence of any group claiming responsibility so far leaves the extent of data compromise uncertain.

Continued Efforts

NYBC reiterated its commitment to community health and service continuity, maintaining open communication with hospital partners and exploring alternative solutions to meet the demands for blood services. The priority remains on restoring services effectively.

Industry-Wide Security Concerns

Earlier this year, OneBlood, another significant blood donation nonprofit, reported the theft of donor data in a ransomware incident. The UK also experienced a similar situation when a London-based blood supply chain was disrupted by a ransomware attack attributed to a Russian cybercriminal group.

Such incidents underline the pressing need for robust cybersecurity measures in healthcare. Recent proposals from the U.S. Department of Health and Human Services seek to enhance patient data protection in response to a series of escalating healthcare breaches, including a widespread attack affecting millions in February.

The link has been copied!