- OneBlood suffered a cyberattack in July 2024 and has already concluded its investigation
- Analysis has shown that OneBlood lost sensitive information about some customers.
- Names and Social Security numbers among the details taken.
OneBlood, a nonprofit medical organization crucial to the operations of healthcare companies across the Southeastern U.S., confirmed it lost sensitive donor information in a ransomware attack.
In July 2024, OneBlood suffered an attack that caused an IT system outage and caused 250 hospitals to activate critical blood shortage protocols.
The move disrupted services in several US states, and the organization was operating at a “significantly reduced capacity,” meaning that while OneBlood continued to collect, test and distribute blood, it had to revert to using the manual labeling process. , which significantly slowed down work. The attack also meant that surgeries and treatments were affected in several states as OneBlood looked to catch up again.
Names and SSN
Now, beepcomputer has published a data breach notification letter that OneBlood allegedly began sending to affected people, describing what happened and what type of information the attackers compromised.
“On or about July 28, 2024, OneBlood became aware of suspicious activity within its network,” the letter reads. “Our investigation determined that between July 14 and July 29, 2024, certain files and folders were copied from our network without authorization. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.”
The company said the thieves stole people’s names and Social Security numbers (SSN), but since organizations typically collect much more information than this (such as mailing addresses, email addresses, phone numbers, demographic data, information health and more), hackers having stolen “only” names and social security numbers could be seen as a positive side.
Still, even this is enough to commit phishing, identity theft, and other forms of cybercrime. We don’t know exactly how many people were affected by the incident, but it’s best to invest in some identity theft protection tools.
Although there is no evidence that data has been abused in the wild, OneBlood provides affected individuals with free credit monitoring services for one year. Users have until April 9 to activate the service, he added, noting that they should also closely monitor their bank statements for suspicious transactions.
Through beepcomputer
