Blood donation center left heavily disrupted after ransomware infection encrypts virtual infrastructure
OneBlood, one of the largest blood donation centers in the United States, fell victim to a disruptive ransomware attack over the weekend. The non-profit organization, which serves over 200 hospitals across the southeast region, confirmed the incident had significantly impacted its operations.
A ransomware gang infiltrated OneBlood’s network and encrypted the critical VMware ESXi virtualization servers that hosted its systems.
“Our comprehensive response efforts are ongoing, and we are working diligently to restore full functionality to our systems as expeditiously as possible,” stated Susan Forbes, Senior Vice President of OneBlood.
By encrypting the virtual machines, the ransomware reached deep into OneBlood’s operations and disrupted the software systems used for collecting, testing and distributing blood products across its network. According to sources, the attack occurred over the weekend, when limited IT staff were available to mount an immediate response.
The disruptions have forced OneBlood to fall back on manual processes, which are significantly less efficient than its usual digital workflows.
“Although OneBlood remains operational and continues to collect, test and distribute blood, they are operating at a significantly reduced capacity,” acknowledged the organization in a statement.
Over 250 hospitals dependent on OneBlood’s supplies have activated critical blood shortage protocols. Neighboring blood donation centers and disaster relief organizations like the AABB are attempting to reroute additional blood products to OneBlood to keep up with medical demand. All common blood types, such as O Positive and O Negative, as well as platelets, are currently in urgent need. Eligible donors are strongly encouraged to schedule an appointment.
Experts believe targeting virtual infrastructure is a potent ransomware technique, as the encryption can spread widely across interconnected systems from a single point of compromise. The NHS faced similar disruptions last month when the Qilin ransomware impacted UK pathology provider Synnovis, threatening blood supply in London hospitals. No group has claimed responsibility for the OneBlood attack yet.
Further details about the ransomware variant, or about whether a ransom is being negotiated, were not provided. OneBlood says it is working closely with law enforcement and offering impacted parties credit monitoring services. The attack serves as a strong reminder of the realities of modern ransomware, whose operators continually expand their tactics to infiltrate vital networks around the world.