NHS calls for 1 million blood donors as UK stocks remain low following cyberattack

Britain’s National Health Service (NHS) issued a call on Monday for 1 million people in England to give blood this week as stocks remain low following a cyberattack last year.

Just 2% of the population “is keeping the nation’s blood stocks afloat” according to Monday’s announcement, and “there is now a pressing need to avoid a Red Alert which would mean demand far exceeds capacity, threatening public safety.”

Last year, the NHS issued an urgent call for O-type blood donations following a ransomware attack that disrupted pathology services at several healthcare organizations in London.

As a result of the inability to quickly match patients’ blood types, hospitals were using more of their O-type stocks as this is the safest to give to other blood types. While just 8% of the population have O negative blood, it accounts for 15% of all of the blood used by hospitals and first responders.

Amid an ongoing shortfall in donations, this resulted in national stocks being left “in a very fragile position” as first reported by Recorded Future News, ahead of the NHS Blood and Transplant agency issuing an “amber alert” status that limited the amount of blood available for only the most medically critical transfusions.

For information on donating blood in the United Kingdom, visit: https://www.blood.co.uk/

“Right now, there is a critical need for O negative donors — the universal blood type needed for emergencies — and for more donors of Black heritage, who are significantly more likely to have the specific blood types needed to treat sickle cell disease,” stated the NHS on Monday.

Dr. Jo Farrar, the chief executive of NHS Blood and Transplant, said: “There are many thousands of people who donate regularly and help us keep patients alive. Thank you. You are amazing. You keep the NHS going and save and transform thousands of lives a year.

“Our stocks over the past 12 months have been challenging. If we had a million regular donors, this would help keep our stocks healthy – you'd truly be one in a million. Please book an appointment today, experience how good it feels to save lives, and come and do it again in a few months.”

The attack on Synnovis, the pathology services company, involved the ransomware group Qilin publishing patients’ stolen information online. As reported by Recorded Future News, an analysis of the data by data breach specialists CaseMatrix suggests more than 900,000 individuals were impacted, with the published material including names, dates of birth, NHS numbers, and in some cases personal contact details.

But the most sensitive information CaseMatrix identified included pathology and histology forms used to share patient details between medical departments and institutions. These forms often describe symptoms of intimate and private medical conditions, including cancer and sexually transmitted infections.

As of last month, as Recorded Future News reported, the affected patients still have not been informed about what data of theirs was exposed in the incident, with material about STIs and cancer cases being included in the extortion attempt.

Synnovis told Recorded Future News last month that its eDiscovery process was nearing completion but still ongoing. A spokesperson said: “We understand and share the eagerness for this investigation to conclude. It is nearing completion, which is significant progress, and allows us to now finalise the processes and mechanisms required to update any affected organisations and individuals as appropriate.”

A spokesperson did not provide an update regarding the current status of the eDiscovery process as of publication.

According to guidance from the Information Commissioner’s Office (ICO), Britain’s privacy laws recognize that data breaches cannot always be fully investigated within a short time period — but there remains a legal requirement for organizations to inform data subjects about the compromise of sensitive details.

A relevant example published by the ICO states: “A hospital suffers a breach that results in accidental disclosure of patient records. There is likely to be a significant impact on the affected individuals because of the sensitivity of the data and their confidential medical details becoming known to others. This is likely to result in a high risk to their rights and freedoms, so they would need to be informed about the breach.”