The New York Blood Center (NYBC) said it suffered a ransomware attack that disrupted operations and forced it to reschedule some operations. NYBC is one of the largest independent blood collection and distribution organizations. It collects about 4,000 units of blood products daily and serves more than 75 million people at over 200 hospitals across the Northeast and 500 nationwide. The cyber incident occurred while the blood center was already facing a critical shortage due to a decline in the number of donors.
NYBC said it learned of the ransomware attack after detecting suspicious activity on its network on 26 January 2025. The blood center responded by engaging third-party cybersecurity experts to investigate and determine the nature and scope of the incident.[1]
NYBC’s probe determined that the suspicious activity resulted from a ransomware attack, forcing the blood center to take down certain systems. “We immediately engaged third-party cybersecurity experts to investigate. This investigation has confirmed that the suspicious activity is a result of a ransomware incident,” NYBC stated. ‘We took immediate steps to help contain the threat, including taking certain systems offline. We are working diligently with these experts to restore our systems as quickly and as safely as possible.”
The blood center said it was communicating with its hospital partners to discuss potential mitigations and ways to ensure undisrupted supply. Nonetheless, NYBC remains operational and accepts blood donations, although processing takes longer than usual. It also encourages eligible people to make donations to keep blood flowing across hospitals. Nonetheless, some blood campaigns could be impacted and rescheduled as the company works to restore impacted systems. The blood center plans to carry out more blood donation campaigns after restoring its systems to make up for any shortcomings. However, NYBC says it has no definite timeline for restoring the impacted systems as ransomware cleanup and data recovery usually take time.
Prior to the ransomware attack, NYBC was already grappling with blood shortages after recording a 30% drop in donations, crippling the regional blood supply and prompting the blood center to announce a blood emergency.
Meanwhile, no ransomware group has claimed responsibility for the NYBC ransomware attack. It also remains unclear if personal and protected health information was accessed. The blood center has also not reported receiving any ransomware demands. “While we aren’t aware of any groups claiming responsibility for the NYBC attack, ransomware groups such as Black Basta, ALPHV/BlackCat, and LockBit have historically targeted healthcare and critical infrastructure,” said Scott Weinberg, CEO of Neovera.
Blood donation centers targeted - A worrying trend has emerged where cybercriminals target blood donation centers resulting in critical shortages. In July 2024, cybercriminals attacked OneBlood which serves over 250 hospitals, causing partners to activate critical blood shortage protocols. The ransomware attack reduced OneBlood’s capacity to collect and distribute blood in Florida, Georgia, and the Carolinas, forcing the AABB Disaster Task Force to mobilize national resources to replenish the blood center’s supplies. “Ransomware gangs don’t discriminate between charitable organizations and for-profit companies,” said Paul Bischoff, Consumer Privacy Advocate at Comparitech. “Medical organizations are frequently targeted because they can’t operate for long without their computer systems, and those systems store a lot of sensitive patient and employee data. That makes hospitals and clinics more likely to pay ransoms. Furthermore, hospitals employ a lot of non-IT staff that attackers can phish.”
In April 2024, Octapharma suffered a BlackSuit ransomware attack that disrupted 190 plasma donation centers across the United States and the European Union. Similarly, London, UK-based Synnovis experienced a Qilin ransomware attack, causing blood shortages in June 2024.
Cyber-attacks on blood donation centers have prompted the Health Information Sharing and Analysis Center (Health-ISAC) and the American Hospital Association (AHA) to issue a joint threat bulletin warning of potential supply chain disruptions. “The recent ransomware attack on the New York Blood Center (NYBC) serves as a wake-up call for organizations across sectors, particularly those in critical services such as healthcare,” said Roei Sherman, Field CTO at Mitiga. “As one of the world’s largest independent blood collection and distribution organizations, this incident undermines not just their operational capacity but potentially jeopardizes public health.”
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.cpomagazine.com/cyber-security/a-ransomware-attack-has-struck-the-new-york-blood-center-amid-ongoing-shortages/
Comments