Article Details

Ransomware attack disrupts New York blood donation giant. ​The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. NYBC collects almost 4,000 units of blood products every day and serves more than 75 million people in more than a dozen states. It also provides transfusion-related medical services to over 500 hospitals nationwide. On Wednesday, NYBC said it detected the attack after noticing suspicious activity on its IT systems over the weekend, on January 26. "We immediately engaged third-party cybersecurity experts to investigate. This investigation has confirmed that the suspicious activity is a result of a ransomware incident," NYBC said in a Wednesday statement. 'We took immediate steps to help contain the threat, including taking certain systems offline. We are working diligently with these experts to restore our systems as quickly and as safely as possible." However, the organization still accepts donations but warned that some might have to be rescheduled. NYBC added that it already had to cancel some blood donor appointments and blood drives following the attack because of ongoing disruptions to its operations. The attack came days after NYBC announced a blood emergency after a nearly 30% drop in blood donations that led to 6,500 fewer donations and "crippled the region's blood supply." The blood center has yet to disclose whether the attackers stole or accessed donors' personal and health information. While no ransomware operation has claimed the attack until now, the vast majority of ransomware gangs also steal sensitive information from victims' compromised systems before encryption and use it as leverage for extortion. "We understand the critical nature of our services, and the health of our communities remains our top priority," NYBC added on Wednesday. "We remain in direct communication with our hospital partners and are implementing workarounds to help restore services and fulfill orders." Earlier this month, major blood-donation non-profit organization OneBlood also notified an undisclosed number of donors that their personal information was stolen in a ransomware attack last summer. London hospitals also faced blood shortages in early June 2024 after pathology provider Synnovis was hit by a ransomware attack linked to the Qilin (Agenda) Russian cybercrime group. Following the incident, England's NHS Blood and Transplant (NHSBT) urgently called for universal blood donors to book appointments. In December, the U.S. Department of Health and Human Services (HHS) proposed updates to HIPAA (short for Health Insurance Portability and Accountability Act of 1996) to secure patients' health data following a surge of massive healthcare security breaches affecting U.S. hospitals and Americans in recent years, including the February Change Healthcare ransomware attack that affected 190 million individuals.