
Attacks on Blood Suppliers Trigger Supply Chain Warning

Blood Shortage After Ransomware Attack Underscores Rising Threats to Patient Safety
OneBlood says it is moving in the right direction to recover from a ransomware attack that disrupted its blood supply processes. (Image: OneBlood)

A ransomware attack last week against a Florida-based blood center, compounded by a hurricane making landfall on Monday, is shining a spotlight on the fragility of U.S. medical supply chains.


Healthcare sector organizations urgently need to step up supply chain security and resilience in the face of highly disruptive cyberattacks against critical suppliers, according to the American Hospital Association and Health Information Sharing and Analysis Center.

The AHA and H-ISAC's joint warning on Wednesday came on the heels of a July 29 ransomware attack against OneBlood, a nonprofit blood donation center that serves about 350 hospitals in the southeastern U.S.

Last week OneBlood urged hospitals to activate their critical shortage protocols for blood supplies as the firm struggled with time-intensive manual processes such as testing and labeling during its IT outage (see: Ransomware Hit on Florida Blood Center Affects Supplies).

On Sunday, OneBlood said in an update that while it is still recovering from the attack, its critical software systems have cleared reverification and are operating in a reduced capacity.

The center also urged the public to donate blood, especially platelets, to help counter potential spikes in demands related to Hurricane Debby hammering Florida, Georgia and the Carolinas beginning Monday, and other states on the East Coast through much of the week.

"OneBlood has returned to automated labeling of all blood products and hospital orders are being filled as requested," OneBlood spokeswoman Susan Forbes told Information Security Media Group on Monday.

"Blood drives are taking place, our donor centers have remained open, and we continue to see a tremendous response from OneBlood donors answering the call for blood donations and platelet donations," she said.

"Over the past week, the national blood industry has helped augment our supply by sending us additional blood products to provide to hospitals."

"The priority was to bring our critical software systems utilized to manage our daily operations regarding the blood supply back online and we have done that," Forbes said.

"The OneBlood team, along with outside specialists continue to work on bringing the rest of our network back to full capacity."

OneBlood is continuing its investigation into the ransomware attack to determine whether it compromised any patient, she said. She declined to comment on whether a ransom was demanded or paid, citing OneBlood's ongoing investigation and recovery process.

In the Bull's-Eye

Federal authorities last week speculated that the attack on OneBlood was the work of Russian-speaking cybercriminal gang RansomHub. But OneBlood is at least the third blood center to be hit by Russian-speaking ransomware gangs in recent months.

An April attack on Octapharma Plasma, the U.S. operations of a Swiss pharmaceutical maker, shut down nearly 200 blood plasma donation centers for several days. The Russian-speaking ransomware gang BlackSuit is suspected to be behind that attack (see: Suspected Attack Shuts Down US Blood Plasma Donation Centers).

A June attack on Synnovis, a British pathology laboratory services provider, disrupted patient care and testing services at several London-based National Health System hospitals and other care facilities, ultimately affecting the United Kingdom's blood supplies. Russian-speaking ransomware group Qilin claimed responsibility for the Synnovis attack (see: UK Blood Stocks Drop After Ransomware Hack).

"What concerns me most about the increase in cyberattacks on critical third-party suppliers is the harmful effect these incidents can have on patient care," said regulatory attorney Betsy Hodge, a partner at the law firm Akerman LLP.

"Increasingly, we see that these attacks not only affect organizations’ ability to access their patients’ health data, but also the organizations’ ability to provide safe care to patients," she said.

For example, the immediate impact of the OneBlood incident on hospitals and other healthcare providers was the depleted blood supply, which directly affects patient care, she said. "This impact was compounded by the fact that the state of Florida and its hospitals were preparing for a tropical storm/hurricane, an event that typically leads to fewer people donating blood as they focus on protecting their homes and families from a significant weather event."

The recent ransomware attacks on OneBlood, Synnovis and Octapharma by Russian cybercrime ransomware gangs indeed resulted in a massive disruption to patient care, AHA and Health-ISAC said in their joint alert.

While those three attacks appear unrelated and have been conducted by separate Russian-speaking ransomware groups, "the unique nature and proximity of these ransomware attacks - targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning," AHA and Health-ISAC said.

"Now that three critical third-party supply chain attacks have significantly impacted healthcare delivery in the past three months, it should serve as a wake-up call across the industry to address supply chain security and resilience."

Hypothetically, if those types of attacks were to occur on different suppliers at the same time - such as on a blood donation organization and a medical gas supplier - "the impacts to patient care would likely compound to create a larger impact than if the suppliers were attacked individually at different times," the alert said. "The aggregate effect could be exponentially greater and could result in an unanticipated cascading effect to patient care."

These recent attacks underscore the urgency to incorporate "mission-critical and life-critical third-party suppliers into enterprise risk management and emergency management plans to maintain resiliency and redundancy in the modern digitally connected healthcare ecosystem," the groups warned.

Healthcare sector entities should prioritize applying risk management assessment principles to their critical suppliers and partners, the alert said.

The blood center incidents also come amid many other attacks on third-party vendors that provide products or IT services to the healthcare sector.

The February ransomware attack on UnitedHealth Group's IT service unit Change Healthcare was the most disruptive of such attacks (see: Change Healthcare Begins to Notify Millions Affected by Hack).

"The attack against Change was the most significant and consequential cyberattack against U.S. healthcare in history," the alert said.

"When critical services abruptly went dark as a result of the ALPHV/BlackCat ransomware attack against Change Healthcare, every hospital in the U.S. was impacted directly or indirectly for months, especially in regard to revenue cycle disruptions," the alert said.

The AHA and Health-ISAC urge healthcare sector entities to carefully consider in advance supply-chain outages and the potential impact to business operations and care delivery.

"Identify alternative suppliers or use multiple suppliers to create redundancy. The idea is to eliminate the single points of failure in healthcare supply chains and minimize disruptions to healthcare delivery in the event of ransomware attacks on critical suppliers," the alert said.


About the Author

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.



