OneBlood have confirmed that donors personal information was stolen as part of a cyber attack that took place in July, 2024.
During the ransomware attack, cyber criminals encrypted OneBloods virtual machines. This meant they had to rely on less effective manual processes. This resulted in an urgent call for universally compatible O Positive, O Negative, and Platelet donations that could be used in urgent transfusions.
OneBlood is a not-for-profit organization that provides blood to over 250 hospitals. It serves communities across Florida, Georgia, Alabama and South Carolina.
Read: Critical NHS Hospital Appointments Cancelled After Blood Lab Cyber Attack
On July 28th, 2024 OneBlood ‘became aware of suspicious activity within its network’. This prompted a full investigation that determined an unauthorized third party was able to access and copy internal files between July 14th and July 29th, 2024.
Those affected by the cyber attack have had their full name and social security number put at risk.
This incident yet again highlights the increasing vulnerability of the healthcare sector to cyberattacks. Hospitals and healthcare providers rely heavily on technology and house incredible sensitive information, making them prime targets for cybercriminals.
What to do if you’ve been impacted by the OneBlood Cyber Attack?
Having highly personal data compromised can be extremely distressing. If your information has been compromised as part of the OneBlood will have notified you directly through a letter sent to your home address.
The OneBlood team has set up a call center to answer questions about the data breach and address concerns. This direct phone number is included in your incident notification letter.
OneBlood has also set up a complimentary credit monitoring service. You must enroll within 90 days of receiving your incident notification letter and quote the unique code provided within the letter.
Read: McLaren Health Care Cyber Attack Puts Patient Data at Risk
Be aware that your information being compromised can make you a target for social engineering and phishing scams. These scams involve impersonating trusted organizations or individuals using information they already have about you as a result of the leak to convince you to hand over money or further details. Be skeptical of anyone asking you for information.
Update all passwords and enable multi-factor authentication on as many accounts as possible, especially social media accounts as well as banking and email.
Make sure you also keep a close eye on your bank and credit card statements for any unusual activity and report any suspicious transactions immediately and consider freezing your cards and credit.
Organizations must make sure to keep up with the latest trends and best practices in cybersecurity to prevent similar data breaches impacting their clients, customers and staff.
