OneBlood blood bank hit by ransomware attack, disrupts operations

OneBlood, a non-profit blood bank serving over 250 hospitals in the southeastern United States, has experienced a significant disruption due to a ransomware attack.

OneBlood is a not-for-profit 501(c)(3) community blood center that serves over 250 hospitals across Florida, Georgia, North Carolina, South Carolina, and Alabama. Headquartered in Orlando, Florida, OneBlood distributes more than one million blood products annually and operates nearly 90 donor centers

This cyber-attack has compromised their software systems, leading to a substantial slowdown in collecting, testing, and distributing blood and blood products. OneBlood remains operational at a reduced capacity, with manual processes to maintain functionality.

The organization has requested that all hospitals they serve activate their critical blood shortage protocols and has issued an urgent appeal for blood donations, emphasizing a particular need for O Positive, O Negative, and platelet donations.

OneBlood is collaborating with cybersecurity specialists and federal, state, and local agencies to investigate the attack's scope and restore full system functionality. The non-profit is also investigating if any personal data, such as donor records, were compromised. OneBlood has pledged to offer free credit monitoring services to affected individuals.

Update - as of 7th of January 2025, OneBlood confirmed that the attackers accessed and copied files containing names and Social Security numbers of individuals. The organization sent our norification letters to the affected individuals offering free credit monitoring services until April 2025. The number of affected individuals is not disclosed, and the six-month delay in notification has left impacted individuals vulnerable to potential identity theft and financial fraud.