Ransomware attacks are a daunting possibility for every organization. In the modern digital landscape, hackers are finding easier and more evolved ways to infiltrate networks and steal data - disrupting operations, crippling finances, and invading user privacy. Unfortunately, the healthcare industry remains one of the most targeted sectors for ransomware. This is due to the critical nature of the sector that forces healthcare providers to pay ransom demands to maintain life-saving and integral operations.
OneBlood recently came under fire when ransomware hit the Floridian blood donation center. In this blog article, we’ll explore the extent and effect of the OneBlood ransomware attack and also go over the specifics of the NHS cyber attack. We’ll further look into how healthcare providers can prevent ransomware attacks in the future. For now, let’s learn more about the cyberattack on blood donation center, OneBlood.
OneBlood Ransomware Attack
On the 29th of July, OneBlood became the victim of a ransomware attack that affected critical software systems used for daily operations. The nonprofit blood donation service serves hundreds of hospitals and is a primary base for blood donations and blood products in the southeastern United States. In a press release, OneBlood maintained that it had quickly implemented manual processes after detecting the security incident to ensure that it could continue to collect, test, process, and distribute blood as needed.
OneBlood noted that it was working closely with cybersecurity experts and law enforcement to fully understand the attack and that the nonprofit was effectively “operating at a significantly reduced capacity.” Susan Forbes, a spokesperson for OneBlood, has warned that the manual processes being used “take significantly longer to perform” and impact inventory availability. Forbes further explained that the organization has asked more than 250 hospitals that OneBlood serves to activate their critical blood shortage protocols and to remain in that status for the time being.
While an update by OneBlood on the 6th of August states that its critical software systems used for daily operations have begun to come back online after re-verification processes, the public is still being urged to donate blood. Forbes has stated that “the priority was to bring the software system used to manage the blood supply back online and the team that has been working around the clock made it happen.” She also went on to give assurances that the processing and distribution of blood products to hospitals is now near normal output.
While the investigation into the blood donation center ransomware attack is still ongoing, OneBlood has offered to provide free credit monitoring services to anyone whose personal information may have been compromised. While processes are still at a reduced capacity, the transition back to an automated production environment is underway for the blood donation center – however, manual labeling of blood products will continue in the meantime. Now, let’s try to understand more about the OneBlood organization itself.
What Is OneBlood?
OneBlood is a nonprofit organization that collects and distributes blood and blood products in the United States. Founded in 2012, the blood donation center provides blood donation services to healthcare providers in Florida, Georgia, Alabama, North Carolina, and South Carolina - including more than 250 hospitals. With such an integral part to play for so many patients, the effects of the OneBlood ransomware attack have been enormous as well.
The Impact of the OneBlood Cyber Attack
The OneBlood cyber attack led to a crash in the organization’s software system and directly affected the company’s ability to ship blood products to hospitals in Florida. OneBlood then took to manually labeling blood products as the system ground to a halt. Forbes noted that the biggest obstacle to “getting blood out the door” was moving to manual labeling and registrations. OneBlood said that the process caused hospitals to operate as if there were a shortage of blood – following what is known as the “blood shortage protocol.”
Forbes went on to state that the blood supply cannot be taken for granted and that eligible donors should make an appointment to donate as soon as possible. Forbes has remained confident in the company’s ability to recuperate, saying that despite the challenges, OneBlood has remained operational throughout the ransomware event – ensuring that blood drives are taking place, donor centers are open, and a tremendous response from OneBlood donors is being seen.
To make up for the shortage and loss of blood, OneBlood began to partner with blood centers across the country and a national disaster task force that would send additional blood, platelets, and other blood products to healthcare providers as required. The OneBlood ransomware attack comes just weeks after the NHS cyber attack caused a massive blood donation shortage and forced the NHS to issue an amber alert to restrict the usage of blood. We’ll now learn more about the NHS cyber attack and how it relates to the rise of ransomware in healthcare.
NHS Cyber Attack
As cyber threats against the healthcare industry become a major concern, the National Health Service has also stepped in to prevent devastating effects. The NHS has recently appealed for people with O-type blood to come forward urgently and donate after blood stocks dropped to an unprecedented low in England - which has been partly caused by a recent ransomware attack on pathology firm, Synnovis.
In June, NHS England confirmed that patient data managed by pathology testing organization Synnovis was stolen in a ransomware attack. More than 3000 hospital and GP appointments were affected by the NHS cyber attack. Russian hacking group, Qilin, shared almost 400GB of confidential data on their darknet site after threatening Synnovis in the ransomware attack. While NHS England said that there was no evidence that blood test results were published, the investigations were still ongoing. Synnovis has confirmed that its administrative working drive had been posted in the ransomware attack in a partial and fragmented form - which will contain some fragments of patient identifiable data.
A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers, and descriptions of blood tests. Additionally, there are business account spreadsheets detailing financial arrangements between hospitals, GP services, and Synnovis. The hackers further told the BBC on an encrypted messaging service that they had deliberately targeted Synnovis as a way to punish the UK for not helping enough in an unspecified war.
Since the NHS cyber attack, several major London hospitals with Synnovis contracts - including King's, Guy's, and St Thomas' - have not been able to run checks as quickly as normal. Due to the disruptions, blood donation levels have dwindled as well and doctors have resorted to using O-type blood - which is draining stock levels across the whole system in England.
Type-O blood is a universal blood type that can be used for all patients and is mostly used for emergencies or patients with unknown blood types. However, the latest data from NHS Blood shows that national stocks of O-negative blood are currently running at only 1.6 days in England - which is well below the six-day target. Officials have also issued an amber alert asking hospitals to restrict the use of O-type blood to essential cases or use an alternative where safe to do so.
In the American Hospital Association and Health-ISAC Joint Threat Bulletin, John Riggi has said that the recent OneBlood ransomware attack and the previous attacks against Synnovis and Octapharma in the US have resulted in significant disruption to patient care. He went on to state that these incidents remind us that “any cyberattack against any entity that results in the delay and disruption to life-sustaining care is a threat to life crime.”
Riggi also strongly recommended that hospitals and health systems identify all of their life-critical and mission-critical third-party service and supply chain providers. This will help to develop business and clinical continuity procedures and supply chain resiliency to sustain a loss of access to those critical services and supplies for 30 days or longer. The bulletin further urged government partners to do more to disseminate threat intelligence and provide assistance after cyber-attacks – stating that it is clear after these ransomware attacks that “cyber adversaries are intent on disrupting health care delivery on a systemic level.” We can now look at some of the ways healthcare providers can protect themselves from ransomware attacks.
How Healthcare Providers Can Prevent Ransomware
Healthcare is an integral aspect of every community and needs to be consistently available to the public. Blood donations and services are one of the most crucial elements of the healthcare system that ensure a steady flow of blood for life-saving transfusions while allowing faster blood testing procedures. Ransomware attacks on the healthcare system can cause fatal disruptions in this flow and force providers to resort to manual or limited service. These are some of the main ways that healthcare providers can prevent ransomware attacks:
- Allow expert cybersecurity providers to perform full security assessments. This will help to understand your company’s security posture and make improvements.
- Ensure that regular data backups are done to protect patient data.
- Invest in a Next-Generation Firewall to block any unauthorized access.
- Limit access to critical data and systems. Try to instill a zero-trust strategy to ensure that only certain people can access privileged information.
- Use advanced Endpoint Security to protect endpoint devices and the network from malware.
- Provide cybersecurity training and awareness programs for employees to ensure that the appropriate cyber hygiene practices are followed. This includes avoiding unknown links, attachments, or correspondence.
- Choose a reliable anti-ransomware solution. Sangfor’s Anti-ransomware platform is the only security solution that addresses the entire life cycle of ransomware attacks. The solution uses AI and the synergy between Network Secure and Endpoint Secure to detect and block ransomware attacks in just 3 seconds.
As ransomware attacks grow and expand across the healthcare sector, it’s up to healthcare providers to use the correct platforms and practices to ensure the safety of user data and critical infrastructure. The OneBlood cyber-attack will serve as a reminder for these crucial services to maintain a higher level of cybersecurity. Contact Sangfor today for information on enhancing cloud infrastructure and cybersecurity or visit www.sangfor.com to learn more.