- OneBlood suffered a cyberattack in July 2024 and has now completed its investigation
- Analysis showed that OneBlood lost sensitive information about some customers
- Names and social security numbers among the information taken
OneBlood, a medical nonprofit organization crucial to the operations of healthcare companies in the southeastern United States, has confirmed that it lost sensitive information about its donors in a ransomware attack.
In July 2024, OneBlood suffered an attack causing an IT system outage and forcing 250 hospitals to activate critical blood shortage protocols.
The move disrupted services in several US states, with the organization operating at “significantly reduced capacity” – meaning that while OneBlood continued to collect, test and distribute blood, it had to revert to a labeling process manual, which considerably slowed down the work. The attack also impacted surgeries and treatments in several states, as OneBlood sought to get back up to speed.
Names and SSN
NOW, BeepComputer published a data breach notification letter that OneBlood reportedly began sending to affected individuals, describing what happened and what type of information was compromised by the attackers.
“On or about July 28, 2024, OneBlood became aware of suspicious activities within its network,” the letter states. “Our investigation determined that between July 14 and July 29, 2024, certain files and folders were copied from our network without authorization. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.
The company said the thieves stole people’s names and Social Security numbers (SSN) – but because organizations typically collect much more information than that (such as street addresses, email addresses, phone numbers, demographic data, health information, etc.), hackers stealing “only” names and social security numbers could be seen as a glimmer of hope.
Yet this is enough to engage in phishing, identity theft, and other forms of cybercrime. We don’t know exactly how many people were affected by the incident, but it’s best to invest in identity theft protection tools.
Even though there is no evidence of data abuse, OneBlood provides affected individuals with free credit monitoring services for one year. Users have until April 9 to activate the service, it adds, noting that they should also closely monitor their bank statements for any suspicious transactions.
Via BeepComputer
