Blood donation company reveals donor personal data stolen in cyber attack

OneBlood suffered a cyber attack in July 2024 and has now completed its investigation
The analysis has shown that OneBlood has lost sensitive information about some customers
Names and CPR numbers among the recorded details

OneBlood, a nonprofit medical organization critical to the operation of healthcare businesses in the southeastern United States, has confirmed that it lost sensitive donor information in a ransomware attack.

In July 2024, OneBlood was hit by an attack that caused an IT system crash and resulted in 250 hospitals activating critical anemia protocols.

The move disrupted services across several US states, with the organization operating at a “significantly reduced capacity” – meaning that while OneBlood continued to collect, test and distribute blood, it had to revert to using a manual labeling process, which significantly slowed the work. The attack also meant operations and treatments were affected in several states as OneBlood appeared to be getting back up to speed.

Names and SSNs

Now, Bleeping Computer has released a data breach notification letter that OneBlood reportedly began sending to affected individuals, detailing what happened and what kind of information the attackers compromised.

“On or about July 28, 2024, OneBlood became aware of suspicious activity within its network,” the letter states. “Our investigation determined that between July 14 and July 29, 2024, certain files and folders were copied from our network without permission. On December 12, 2024, we completed our review and determined that the affected files contained your information.”

The company said the thieves stole people’s names and social security numbers (SSNs) — but since organizations usually collect much more information than this (such as mailing addresses, email addresses, phone numbers, demographic data, health information and more), the hackers stole “only ” names and SSNs, could be seen as a silver lining.

Yet even this is enough to engage in phishing, identity theft and other forms of cybercrime. We don’t know exactly how many people were affected by the incident, but it’s best to invest in some identity theft protection tools.

Although there is no evidence that the data is being misused in nature, OneBlood is providing affected individuals with free credit monitoring services for one year. Users have until April 9 to activate the service, it added, stressing that they should also keep a close eye on their bank statements for suspicious transactions.

Via Bleeping Computer

Must Read

Leave a Comment Cancel Reply