Ransomware attack on New York Blood Center forces workarounds, drive cancellations

One of the largest independent blood centers serving over 75 million people across the U.S. has been hit by a ransomware attack, forcing officials to reschedule blood drives and implement workarounds.

New York Blood Center Enterprises said its team discovered suspicious activity affecting the organization's IT system on Sunday, and third-party cybersecurity experts later confirmed it was a ransomware incident. 

Law enforcement has been contacted and New York Blood Center said it is working on containing the threat. 

“We understand the critical nature of our services, and the health of our communities remains our top priority. We remain in direct communication with our hospital partners and are implementing workarounds to help restore services and fulfill orders,” the organization explained. 

“At this time, we do not have a specific timetable for system restoration. We are working diligently with third-party experts to restore our systems as quickly and safely as possible. We are still accepting blood donations, but processing times may be longer than normal at donation centers and blood drives. We are in direct communication with our donor centers, sponsor organizations, and donors to share updates as appropriate.”

In an FAQ attached to the statement, the organization said donation center activities and blood drives “may need to be rescheduled.”

The FAQ adds that in the coming weeks, it may be necessary for the organization to do another push for more blood donations once they get through the current crisis. No ransomware gang has taken credit for the attack. 

New York Blood Center Enterprises thanked an array of hospitals, associations and other blood centers for assisting them in their response to the incident. 

Founded in 1964, New York Blood Center Enterprises controls multiple blood-related entities, including New York Blood Center, Community Blood Center, Blood Bank of Delmarva, Innovative Blood Resources, Memorial Blood Centers, Nebraska Community Blood Bank, Rhode Island Blood Center, Connecticut Blood Center and others, according to its website. 

The organizations collect about 4,000 units of blood products each day and serve more than 400 hospitals across dozens of states.

The ransomware attack is the latest in a string of cybersecurity incidents gravely impacting blood centers and pathology services in multiple countries. 

Nonprofit blood donation organization OneBlood was thrown into crisis last year when a ransomware attack limited the organization’s ability to provide blood to the 250 hospitals it serves across Alabama, South Carolina, Florida, Georgia and North Carolina.

The hospitals had to activate their critical blood shortage protocols and OneBlood had to manually label blood products due to the ransomware attack, CNN reported. Last week, OneBlood told state regulators that hundreds of names and Social Security numbers were stolen during that attack. 

The United Kingdom faced similar issues last year after ransomware attackers took down Synnovis, one of the largest businesses providing pathology services for hospitals and local clinics. South Africa’s national lab service was also hit with ransomware last year limiting the country’s ability to process blood test results during several concurrent health crises.