OneBlood, a blood donation nonprofit, confirms that donors’ private data was stolen in a ransomware assault final summer time.
a blood first reported to the general public concerning the July 31, 2024, assault, noting that ransomware actors had encrypted their digital machines, forcing the healthcare group to resort to handbook processes.
OneBlood is a blood provider to greater than 250 hospitals throughout the US and the assault induced delays in blood assortment, testing and distribution, resulting in “vital blood scarcity” protocols at some clinics.
On the time, the non-profit group made an pressing name for the donation of O Constructive, O Unfavorable and Platelets, that are universally appropriate and can be utilized in pressing transfusions.
Final week, OneBlood started sending information breach notifications to affected people informing them that its investigation into the incident was accomplished on December 12, 2024 and decided that the precise date of the breach can be July 14, 2024.
The menace actor withheld entry to OneBlood’s community till July 29, a day after the healthcare group found the breach.
“Our investigation decided that between July 14 and July 29, 2024, sure recordsdata and folders have been copied from our community with out authorization,” the assertion reads. OneBlood Knowledge Breach Notification.
“The investigation decided that his title and Social Safety quantity have been included within the related recordsdata and folders,” the identical doc specifies.
Though blood assortment facilities sometimes gather extra data, reminiscent of cellphone numbers, bodily and electronic mail addresses, demographics, and medical historical past, the information uncovered is restricted to names and social safety numbers.
Names and Social Safety numbers can probably be used to commit identification theft and monetary fraud, and since they can’t be simply modified, the danger persists for a few years.
To mitigate this danger, OneBlood has included activation codes within the letter for a free one-year credit score monitoring service, which notification recipients have till April 9, 2025 to make the most of.
Moreover, affected people ought to take into account freezing credit score and reporting fraud on their accounts to keep away from monetary injury.
Though OneBlood made good on its unique promise to tell affected individuals concerning the potential publicity of their information, the six-month delay has left these individuals in danger.
The variety of individuals affected by the ransomware assault on OneBlood has not been disclosed.
