OneBlood Falls Victim to Ransomware Attack, Impacting Blood Supply to Florida Hospitals

ORLANDO, Fla. — A ransomware attack has hit a nonprofit blood donation organization that serves hospitals across Florida and the southeastern United States.

OneBlood said it was hit by ransomware that “affects its software system.” The group said it is working with cybersecurity experts and law enforcement to respond to the attack.

CNN, which first reported the issue, said the attack “has raised concerns about the potential impact on OneBlood services provided to some hospitals.”

According to a notice sent to healthcare providers by the Center for Health Information Sharing and Analysis, the outage caused by the ransomware attack “impacts the nonprofit’s ability to deliver ‘blood products’ to Florida hospitals.”

“They have all the blood they need, but they can’t label it fast enough to get it to the hospitals,” Dr. Peggy Duggan, chief medical officer at Tampa General Hospital, told the I-Team. “As the only Level I Trauma Center in the Tampa Bay area, we have to be prepared for anything. And we have a very high-risk OB-GYN where a lot of women come in and give birth at high risk.”

“We have implemented manual processes and procedures to remain operational. Manual processes take significantly longer and impact inventory availability,” Susan Forbes, senior vice president of corporate communications and public relations at OneBlood, said in a statement.

Florida Hospital Association President and CEO Mary Mayhew said OneBlood is operating at a significantly reduced capacity, 40%. Mayhew said the association was first notified Monday.

“Eighty to 90 percent of all the blood for the hospital in Florida comes from this one supplier. OneBlood,” Mayhew told the ABC Action News I-Team. “This is analogous to attacking our nation’s electrical grid, attacking our air traffic control towers. I think we understand right away that they’re attacking our blood supply — a lifesaving, critical resource for our state, for our country.”

Mayhew gave an example that illustrates the effects of a ransomware attack.

“One of our larger hospitals typically gets 80 units of platelets a day. Today they got nine units. A mother who’s having a hemorrhage could use nine units of platelets immediately. That’s the difference,” Mayhew said. “So hospitals have to make very difficult decisions, but they’re trying to triage and prioritize those really urgent surgeries that are critically important and lifesaving.”

“To better manage our blood supply, we have asked the more than 250 hospitals we serve to activate critical blood shortage protocols and remain in that state for the time being,” Forbes said.

OneBlood said the national blood donation community is “uniting to help OneBlood and the hospitals and patients it serves,” but added that there is an urgent need for O+, O- and platelet donations.

We have contacted local hospital authorities to find out what impact this is having on patients.

HCA released the following statement.

Tampa General Hospital released the following statement regarding the ransomware attack.

BayCare Health System operates 16 hospitals in the Tampa Bay area. We emailed them about the outage.

ABC Action News I-Team reporter Kylie McGivern emailed Baycare with the following questions about the attack:

Have you had to postpone any surgeries? Have you had to inform doctors/patients of any changes you are making? What do patients and the public need to know?

Baycare Media Relations Department response:

“OneBlood, a nonprofit blood center that supplies blood and blood products to our hospitals, is experiencing a ransomware attack that is affecting their software system. While they are still operating, their ability to distribute blood and blood products has been significantly reduced. At this time, BayCare has experienced minimal disruption. We received advance notice and have taken all necessary precautions to protect patient safety, including postponing some surgeries and procedures. Any questions regarding the ransomware attack should be directed to our vendor, OneBlood.

RE Services: The outpatient blood product infusion schedule is closely monitored by our healthcare professionals to ensure product availability.

RE: What people need to know: As stated in a OneBlood press release, the community is being asked to donate blood: “If you are eligible to donate blood, we strongly encourage you to schedule an appointment as soon as possible. All blood types are needed, but donations of O positive, O negative and platelets are urgently needed.”