Cyberattack Hits Blood-Donation Nonprofit OneBlood

A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US. From a report: The hack, which was first reported by CNN, has raised concerns about potential impacts on OneBlood's service to some hospitals, multiple sources familiar with the matter said, and the incident is being investigated as a potential ransomware attack. An "outage" of OneBlood's software system is impacting the nonprofit's ability to ship "blood products" to hospitals in Florida, according to an advisory sent to health care providers by the Health Information Sharing and Analysis Center, a cyberthreat-sharing group, and reviewed by CNN. OneBlood has been manually labeling blood products as the nonprofit recovers from the incident, the advisory said.

Nobody is safe

[gweihir]

The attackers have no restraint anymore. Get you act fixed or prepare to get hit. If, at this time, you think you can still get away with crappy IT security and no effective recovery procedures, then this is on you.

Re:

[Fly Swatter]

No this is on all the idiots that payed a ransom in the past. No pay, no business model for the terrorists.

Re:

[gweihir]

Both, actually. You do require people to lock doors to protect their organization, do you? This is no different.

This is terrorism. We should treat it as such.

[Fly Swatter]

Arguably worse than physical harm. Health care attacks should be considered an act of terrorism. Any country that provides safe harbor (when you can find the terrorist) should then be considered an act of war and sanctioned (yes no actual war yet). But this is getting ridiculous. Zero tolerance is the only way, at least make paying blackmail and ransom an immediate corporate death penalty.

Stop paying the terrorists ffs, and their entire business model dries up.

Re:

[gweihir]

Applying big words, and words which you obviously do not understand, to a problem does not make the problem go away or change its nature. This is organized crime, fostered and nurtured by too many enterprises and organizations that have bad IT security and are willing to pay ransom. Nothing else.

Re:

[HiThere]

Sorry, but while it is that, it's not *just* that. Paying the blackmail is part of what keeps the cycle going, so that ALSO need to be strongly discouraged. "Corporate death penalty" might be a bit strong, but the CEO and the Board should be personally responsible for any (monetary) damages incurred as a result of such an act. The problem is proving what damages result from what. And double or triple the damages if they paid blackmail.

Re:

[gweihir]

I would agree to that. "We will just pay the ransom" or not even thinking about it and doing no relevant risk analysis and risk management must become completely unacceptable and have personal consequences for the CEO and the board. Consequences they cannot avoid and that the company cannot or insurance cannot protect them against. Unless and until that happens, the problem will get worse and worse.

Re:

[NoWayNoShapeNoForm]

Sorry, but while it is that, it's not *just* that. Paying the blackmail is part of what keeps the cycle going, so that ALSO need to be strongly discouraged. "Corporate death penalty" might be a bit strong, but the CEO and the Board should be personally responsible for any (monetary) damages incurred as a result of such an act. The problem is proving what damages result from what. And double or triple the damages if they paid blackmail.

And when you get a CEO and IT group that really does want to lock stuff down in a solid effort to prevent most ("preventing all" is a human impossibility) occurences, then you get the whiners on /. and FB and X and elsewhere complaining their work does not let them use XYZ app or Whatever email whatever because the CORP Internet access is so locked down.

I once worked at a place that was locked down like that ... and I liked it once I fully understood what all was going on and WHY stuff got locked down. Infe

Actual impact?

[geekmux]

An "outage" of OneBlood's software system is impacting the nonprofit's ability to ship "blood products" to hospitals in Florida..OneBlood has been manually labeling blood products as the nonprofit recovers..

Kudos to OneBlood for having a backup plan in place, but what is the actual impact here? This reads like a virus infected the PC hooked up the the label printer, and now they’re having to resort to writing labels by hand. Is there a reported impact to blood flow (pun intended) around Florida hospitals or not?

A cyberattack has hit a blood-donation nonprofit that serves hundreds of hospitals in the southeastern US.

Ah, I see. Clearly we’ve learned nothing about putting all our IVs in one blood bag. Oh and side note; how in the FUCK is a facility serving literally hundreds of hospitals with blood, s

Re:Actual impact?

[gweihir]

Oh and side note; how in the FUCK is a facility serving literally hundreds of hospitals with blood, still a “non-profit” with the prices we pay in America?

What, you thought all that money you pay was to get you better service? Get real. You are in the US, the world-champion of greed.

Re:

[LazarusQLong]

yep. Back in the 80's there was this famous line from a hit movie of that time wherein the protagonist proclaims that "Greed is Good!" well, all the business people these days still seem to believe that. I mean, Look at what ENRON did, people died because they were making money had over fist, the guy that invented that scam then fucked off and left another guy holding the bag... But, I am oversimplifying and someone on here will politely and gentle explain to me how sorry a sad ass I am I am sure.

Re:

[gweihir]

Well, you know, the larger inflated the national ego is, the more pathetic the actual reality.

BTW, I like your .sig

Re:

[LazarusQLong]

thanks. It may or may not be true, but, well, it seems to be so as far as I can tell.

Re:

[quonset]

the protagonist proclaims that "Greed is Good!" well, all the business people these days still seem to believe that.

There's a simple solution for this. Stop buying things. The only way to hurt companies is to not buy their products or services. Why do you think McDonald's has suddenly come back with $5 meal deals? It's not because they're being benevolent [apnews.com].

Re:

[gweihir]

That is why the medial field in the US is so especially depraved: You cannot simply stop buying these services.

Re:

[cascadingstylesheet]

What, you thought all that money you pay was to get you better service? Get real. You are in the US, the world-champion of greed.

Yeah, that gives people who say stuff like that a warm fuzzy feeling ... so rebellious, so cool!

OTOH, you might be in, say, Guatemala, where the response would be "Blood? oh, we don't have any right now. Maybe "tomorrow"" (which could mean next week, next month, or never).

Re:

[LazarusQLong]

ahhhhh, you have missed this bit of news, "Non-Profit" does not mean that the Board and all the people at the top do not pay themselves fat salaries, it just means that the business itself doesn't make a profit. When I lived on Cape Cod I was amazed at how many Mansion owning, Bentley driving people were there that ran "non-profits" One of them enlightened me though. You don't just cover all the costs with the donations, nooooooo, you increase what you can to the point that you can then pay yourself the sa

Re:

[gweihir]

Ah. So the same crap some "charities" do. And, come to think of it, a lot of organized religions.

Re:

[LazarusQLong]

exactly.

Re:

[cascadingstylesheet]

You don't just cover all the costs with the donations, nooooooo, you increase what you can to the point that you can then pay yourself the salary that you want.

On the other hand, salaries are in fact a cost. Which has to be covered.

Re:

[kid_wonder]

[snip] Oh and side note; how in the FUCK is a facility serving literally hundreds of hospitals with blood, still a “non-profit” with the prices we pay in America?

Non-Profit just means that there are no shareholders to worry about, and you don't have to pay taxes. Check out the contributions (almost nil) and officer compensation numbers ($1M CEO), this is a business that gives its profits to its officers:

https://projects.propublica.or... [propublica.org]

Re:

[gweihir]

How repulsive. And they still cannot be bothered to do decent IT security at those non-profits.

Re:

[laughingskeptic]

It says a lot that the CIO Scott Paul is not in the list of "Key Employees and Officers" and likely makes less than the two lowest paid execs: Svp Business Dev and Svp Human Resources.

Re:

[markdavis]

>"Non-Profit just means that there are no shareholders to worry about, and you don't have to pay taxes. Check out the contributions (almost nil) and officer compensation numbers ($1M CEO), this is a business that gives its profits to its officers"

What you are missing is that FOR profit does that (paying officers lots of money) *AND* pays many, many millions more to the shareholders. Non-profit is not an automatic scam. Many (if not most) do great work, and charge far less for services and/or pour reven

Re:

[NotEmmanuelGoldstein]

... the prices we pay ...

Non-profit doesn't mean cheap, it means a lack of shareholders profiting from your misery. That's money that can be spent on free clinics or world-class surgery. Billionaires like the later because it makes healthcare, to them, a fixed cost.

For the people who can't afford the latest surgical technology, there's health insurance and pharmaceutical manufacture, with their shareholders demanding a 20% profit on your misery.

Re:

[markdavis]

>"Oh and side note; how in the FUCK is a facility serving literally hundreds of hospitals with blood, still a âoenon-profitâ with the prices we pay in America?"

All the hospitals where I live are non-profit (more correctly labeled "not for profit"). I suspect that is more common than not. They make money, but spend it on surviving, upgrading equipment, indigent care, etc.

It isn't "profit" that makes most healthcare so expensive (at least not with hospitals). There are many other factors. I b

Non-profit my ass!

[anoncoward69]

LOL they get free donations of blood from the public, maybe give away some swag or gift cards, then turn around and resell it for hundreds of dollars. I don't see how any organization can be more sleazy.