Ransomware seizes hospitals' blood supply

A ransomware attack on blood donation nonprofit OneBlood this week is forcing many hospitals across the southeastern U.S. to rely on their critical blood supplies and host last-minute blood drives.

Why it matters: OneBlood provides blood samples to more than 300 hospitals in Georgia, Florida and the Carolinas, and some hospitals may need to delay certain procedures until the blood supply is back to normal.

State of play: Susan Forbes, a spokesperson for OneBlood, told Axios on Thursday that the nonprofit's online infrastructure systems are "starting to come back online," noting that they'll soon be able to return to the critical online tools they use to label donated blood.

• OneBlood first detected the ransomware attack on Monday, and ever since, the nonprofit has had to rely on manual processes — like printing out its own labels and having donors fill out paper forms — to ship donations to hospitals.

• In the last few days, the nonprofit has brought in more people, printers and other systems to more quickly label blood samples as required under FDA regulations, Forbes said.

• "Donors are coming in," she said. "It's getting the product out the door to the hospital — there's the delay in that because of the manual processes to label these products."

Threat level: Earlier this week, the nonprofit urged more than 250 hospital partners to activate their critical blood shortage protocols.

Other blood banks have started helping out local hospitals to fill in the gaps. But "there's only so much blood to go around," Forbes said.

Zoom in: At Tallahassee Memorial HealthCare, at least two complex elective surgeries were rescheduled Wednesday, and the hospital is actively seeking additional blood supply sources, according to WCTV.

• The University of Miami health system hosted a blood drive Thursday to help supplement supplies to local hospitals.

The big picture: Ransomware attacks against U.S. health care systems are getting worse, Allan Liska, a ransomware analyst at Recorded Future, told Axios.

• Cybersecurity firm Check Point Software Technologies estimates that health care organizations face an average of 1,671 attacks per week.

What they're saying: "Just because the ransomware actor didn't pull the trigger doesn't mean they weren't indirectly responsible for the death of a patient," Liska said.

• Anyone arguing that ransomware doesn't lead to patient death "is just wrong," he added.

Between the lines: Ransomware actors have learned that they can make a lot of money and get a lot of public attention when they target major health care systems, Liska said.

• Public attention can be a selling point for those who operate so-called ransomware-as-a-service groups, where malware developers license their ransomware strains to freelance hackers for a share of the attack profits.

• Ransoms can be lucrative if hackers hit the right target. Change Healthcare said it paid $22 million to ransomware hackers.

Yes, but: At least in the OneBlood cyberattack, people are able to help offset the impact, Liska said.

• "Everyone can donate blood, and that can help all of these hospitals, all of these medical facilities that are suffering," he said. "It's weird to have a ransomware attack where there's an effective and immediate call to action."

The bottom line: OneBlood is calling on people who are able to donate blood, especially those with the O-positive and O-negative blood types that hospitals urgently need.

• Platelet donations are also in high demand.

Source