Health-ISAC/AHA Issue Warning Following Ransomware Attacks on Mission-Critical Suppliers
Health-ISAC and the American Hospital Association (AHA) have issued a joint threat bulletin following three ransomware attacks by Russian ransomware groups on blood suppliers, which have caused shortages of blood and blood products that have massively disrupted patient care.
The most recent attack occurred on July 30, 2024, on OneBlood, a Florida-based provider of blood to around 250 hospitals in Alabama, Florida, Georgia, and North and South Carolina. The attack prompted the Florida Hospital Association to recommend that hospitals receiving blood from OneBlood activate their critical blood shortage protocols. The RansomHub threat group is thought to have been behind the attack.
In early June, the Qilin ransomware group conducted an attack on Synnovis, a provider of pathology services to the UK’s National Health Service, which caused massive disruption, with more than 800 operations and 700 outpatient appointments canceled. The attack resulted in major blood shortages, with O-negative and O-positive blood donations destroyed as it was not possible to match them to electronic health records.
In April, the BlackSuit ransomware group conducted an attack on Octapharma Plasma, a blood plasma provider, which resulted in the temporary closure of its 190 U.S. plasma donation centers and plasma manufacturing facilities. Then there was the ransomware attack on Change Healthcare, the most significant and consequential healthcare cyberattack in history, with virtually every hospital in the United States directly or indirectly impacted by the attack.
When attacks are conducted on companies that provide mission-critical and life-critical services to many healthcare providers, the disruption to patient care can be massive. These three ransomware attacks do not appear to be connected as they were all conducted by different threat actors, but they are a major cause of concern. Ransomware groups have been increasingly targeting third-party infrastructure as the massive disruption caused by an attack increases the probability of a ransom being paid.
In the event of more than one attack being conducted on mission-critical suppliers, Health-ISAC and the AHA warn that the aggregate effect could be exponentially greater and could result in an unanticipated cascading effect on patient care. Health-ISAC and the AHA said the nature and proximity of these three attacks should serve as a wake-up call for the healthcare industry. While ransomware attacks often prevent access to electronic health records and cause disruption, these three attacks clearly demonstrate how attacks on suppliers can cause massive disruption to patient care at multiple hospitals and health systems.
Health-ISAC and the AHA are urging healthcare delivery organizations (HDOs), hospitals, and health systems to take immediate action to improve supply chain security and resilience. They should review their contingency plans for potential disruption to the blood supply chain and other mission-critical and life-critical medical supplies, and consider supply-chain outages and availability as part of their overall risk management assessment process.
HDOs, hospitals, and health systems should identify any supplier that is essential to the healthcare mission, where disruption to the service could have catastrophic consequences and there is a lack of suitable alternatives. Redundancy should be built into the supply chain strategy, such as identifying alternative suppliers or using multiple suppliers of critical supplies to reduce or eliminate single points of failure to minimize the impact of a ransomware attack on a critical medical supplier.


