Blood donation firm reveals donor personal data stolen in cyberattack

News
By published

July 2024 attack saw donors lose sensitive personal data

A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
(Image credit: Shutterstock / Thapana_Studio)
  • OneBlood suffered a cyberattack in July 2024, and has now concluded its investigation
  • The analysis has shown OneBlood lost sensitive information on some customers
  • Names and Social Security numbers among the details taken

OneBlood, a nonprofit medical organization crucial for the operations of healthcare firms across the Southeastern US, has confirmed it lost sensitive donor information in a ransomware attack.

In July 2024, OneBlood suffered an attack causing an IT system outage and resulted in 250 hospitals activating critical blood shortage protocols.

The move disrupted services across multiple US states, with the organization operating at a ‘significantly reduced capacity’ - meaning whilst OneBlood continued to collect, test, and distribute blood, it had to return to using manual labelling process, which significantly slowed work. The attack also meant surgeries and treatments were impacted across several states as OneBlood looked to get back up to speed.

Names and SSNs

Now, BleepingComputer has published a data breach notification letter that OneBlood allegedly started sending to affected individuals, describing what happened, and what kind of information the attackers compromised.

“On or around July 28, 2024, OneBlood became aware of suspicious activity within its network,” the letter reads. “Our investigation determined that between July 14 to July 29, 2024, certain files and folders were copied from our network without authorization. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.”

The company said the thieves stole people’s names and Social Security numbers (SSN) - but as organizations usually collect a lot more information than this (such as postal addresses, email addresses, phone numbers, demographic data, health information, and more), hackers having stolen “only” names and SSNs could be seen as a silver lining.

Still, even this is enough to engage in phishing, identity theft, and other forms of cybercrime. We don’t know exactly how many people were affected by the incident, but it's best to invest in some identity theft protection tools.

Even though there is no evidence of the data being abused in the wild, OneBlood is providing affected individuals with free credit monitoring services for a year. Users have until April 9 to activate the service, it added, stressing that they should also keep a close eye on their bank statements for suspicious transactions.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
Code Skull
Blood donation giant warns of issues following ransomware attack
healthcare
Top US health provider tells 882,000 patients they were hit in August 2023 breach
Data leak
Top California sperm bank suffers embarrassing leak
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Data breach
Top medical billing firm says data breach hit 360,000 users
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
Latest in Security
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Veeam urges users to patch security issues which could allow backup hacks
UK Prime Minister Sir Kier Starmer
The UK releases timeline for migration to post-quantum cryptography
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
Latest in News
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 23 (game #385)
More about security
Hacker silhouette working on a laptop with North Korean flag on the background

North Korea unveils new military unit targeting AI attacks

Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)

This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
The Mail app running on iOS, with categories shown on-screen.

How to turn off Mail categories on iPhone, or customize them to your needs
See more latest
Most Popular
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD
Asus Vivobook 18
The Asus Vivobook 18 is the only affordable 18-inch laptop right now, and it comes with a powerful CPU no other laptop has
Peter Claffey as Ser Duncan the Tall in The Knight Of The Seven Kingdoms
A Knight Of The Seven Kingdoms: The Hedge Knight – everything we know so far about HBO's Game of Thrones prequel
Vinpower iXFlash and iXFlash Cube
This tiny 2TB USB Flash drive can both charge and backup your iPhone at the same time
Compal Adapt X modular laptop
One of the largest laptop manufacturers releases concept pictures of Adapt X, a modular laptop in the same vein as Framework
Anycubic foldable portable 3D printer
Anycubic may launch this gorgeous foldable portable 3D printer any day soon, and I can't wait to try it out