Healthcare Brew teases out the pain points and market flaws shown in a blood bank cyberattack.

https://www.healthcare-brew.com/stories/2024/08/13/ransomwares-newest-target-blood-banks

Ransomware’s newest target? Blood banks

As cyberattacks on blood banks rise, experts worry the US healthcare system isn’t ready for a future breach.

By Caroline Catherman    |    August 13, 2024

When hackers set their sights on a blood bank, the stakes aren’t just high, they’re life or death.

The nation saw that firsthand after a ransomware attack on July 29 against Florida-based blood bank OneBlood disrupted patient care, delayed elective procedures, and prompted the bank to tell more than 250 southeast hospitals to temporarily activate critical blood shortage protocols.

The hack knocked some of OneBlood’s systems offline, forcing staff to manually perform normally automated steps like blood labeling, according to a press release, which significantly slowed down deliveries to hospitals. In response, blood banks nationwide scrambled to send supplemental blood and platelets, an effort that the Association for the Advancement of Blood and Biotherapies (AABB) coordinated.As of August 8, business was back to normal and those supplemental shipments were no longer needed, the press release said. But the industry isn’t out of the woods yet.

Rewinding. The hack is one of three recent major worldwide attacks on life-sustaining supply chains, like blood banks, a joint threat bulletin by the American Hospital Association and the nonprofit Health Information Sharing and Analysis Center stated.

In April, the BlackSuit ransomware gang claimed it had hacked blood plasma provider Octapharma, which took its systems offline and closed 176 US plasma donation centers from April 17 to April 25, the company shared on its website.

As of August 1, June cyberattack on UK pathology provider Synnovis had postponed at least 9,423 acute outpatient appointments and 1,660 elective procedures—and counting, according to a release from the National Health Service. The system was still not fully back online. NHS is partnering with Synnovis to ensure people get the urgent care they need.

All these hacks were committed by seemingly unconnected Russian ransomware groups, according to the bulletin, though OneBlood spokesperson Susan Forbes declined to comment on whether a Russian group was involved in OneBlood’s hack.

“There appears to be a shift in pattern here, or a trend emerging, where Russian ransomware groups may be targeting life-critical and mission-critical supply chain[s], including blood supply,” John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, told Healthcare Brew.

Third-party supply chains tempt hackers because, instead of impacting one system like might happen in a targeted cyberattack, they can “cause maximum disruption to the healthcare sector,” Riggi said. What’s more, though experts typically “strongly discourage” paying ransoms, companies may pay if patients’ lives are in danger.

“It’s the equivalent of a life-threatening extortion,” he said.

Looking forward. And industry experts are worried the US isn’t doing enough to combat hackers.

“Clearly, the US government, collectively, as a policy, needs to do more to increase risk and consequence,” Riggi said. “Bottom line: These attacks are not only still occurring—they’re occurring at an increased pace.”

Riggi recommends health systems create backup plans that allow them to operate with a lack of access to critical supplies—like blood—from third-party vendors for 30 days or longer.

But Florida Hospital Association President and CEO Mary Mayhew said it’s difficult to have a backup plan in place due to how blood suppliers operate, especially in Florida, which gets over 80% of its blood from OneBlood. During the outage, Florida hospitals postponed transplant surgeries, and some pediatric patients lost access to life support extracorporeal membrane oxygenation (ECMO) machines because platelets weren’t available, Mayhew said.

Though hospitals got supplemental shipments, “they weren’t getting anywhere near enough,” she said—perhaps 20%–30% of their platelet supply, “if any.”

The issue was compounded because Florida hospitals weren’t allowed to have contracts with backup blood vendors; “OneBlood demanded that the contracts be exclusive,” Mayhew added.

“It wasn’t that hospitals wanted the exclusivity; OneBlood required the exclusivity in their contracts with hospitals,” Mayhew said.

This meant the hospitals had to spend extra time during the time-sensitive crisis identifying other blood centers, establishing relationships, and securing the blood.

Forbes told Healthcare Brew that “OneBlood does not have exclusive contracts with hospitals. The contracts state that OneBlood will be the hospital’s blood provider.” Hospitals “may obtain blood products from other suppliers to the extent the products are not available from OneBlood in a timely manner,” she said. “During the ransomware event, at no time did OneBlood request or prohibit any hospital it serves from obtaining blood products from other suppliers.”

Hospitals were also hampered by limited data about the national blood supply, Mayhew said. Leaders were left in the dark about how much blood they were going to get day to day and how much time shipments would have before their expiration dates, which made it difficult to make clinical decisions about what procedures and transfusions could be safely done.

“There is very little data transparency around that blood supply that would have better informed the predictability for hospitals of what they could anticipate receiving,” she said. “For nearly a week, they did not know what they were going to receive from OneBlood, and what they were receiving—if they received any—was substantially less than what they needed.”

Reinforcing the elemental truth that healthcare is first of all local.

Consolidated Pharma succumbed to data breach early in 2024, as reported by CyberGuy.

Clipped for length; the final segment includes pro tips to shield your sensitive information.

https://cyberguy.com/news/pharma-giants-data-breach-exposes-patients-sensitive-information/

Pharma giant’s data breach exposes patients’ sensitive information

Protect your sensitive information from bad actors with these 7 steps

by Kurt Knutsson     |    June 16, 2024

US pharmaceutical giant Cencora has been affected by a data breach. The company is notifying affected individuals that their personal and highly sensitive medical information was stolen during a cyberattack and data breach earlier this year. This includes patient names, postal addresses, dates of birth, as well as information about their health diagnoses and medications.

What happened: A breakdown of events

Cencora has not yet described the nature of the cyberattack. However, a report claims the attack began on February 21 and was not publicly disclosed until the company filed notice with government regulators a week later on February 27.

The pharmaceutical company, known as AmerisourceBergen until 2023, handles around 20% of the pharmaceuticals sold and distributed throughout the US. It’s unclear if Cencora has determined how many individuals are affected by the breach. The company says it has identified and notified roughly half a million individuals impacted by the data breach so far. However, Cencora acknowledged that it lacks complete address information for some affected people, so it published a notice on its website to reach them.

The cyberattack on pharmaceutical giant Cencora came to light shortly after another attack that disrupted Ascension’s hospital network. However, a Cencora spokesperson says that there’s “no connection” between the unauthorized activity at Cencora and the incidents at Change Healthcare or Ascension. 

Why should you care about the Cencora data breach?

Cencora is a major player in the US healthcare industry. The $250-billion firm partners with some of the largest pharmaceutical companies, including GlaxoSmithKline, Novartis, Genentech, Bayer, Regeneron, and Bristol Myers Squibb. The breach has affected at least 23 pharmaceutical and biotechnology companies, suggesting a broader impact than initially reported.

If you provided any of these companies with your data, it’s possible that the breach has exposed it to the web. The number of individuals affected by the Cencora data breach is expected to be very high. Cencora states on its website that it has served at least 18 million patients to date. It’s quite possible that the breach might have exposed the data of all these patients.

There may not be immediate harm from the data breach, but chances are your data is already in the hands of scammers on the dark web. They can use this data to scam, blackmail, and harass you. Since the data breach also leaks your address, scammers may try to scam you through the mail by asking for personal information or pretending to be a government authority.

The aftermath and response

Cencora completed its investigation into the breach on April 10, 2024. As part of its response, Cencora is offering 24 months of credit monitoring and remediation services to individuals whose information was involved in the incident. There is also an indication that a ransom may have been paid to prevent the leaked patient data from being released to the public.

Also, a class-action lawsuit has been filed against Cencora, alleging the company failed to properly safeguard patient data and delayed notifying affected individuals for nearly three months after discovering the breach.

We reached out to Cencora for a comment on this article, and a rep provided this statement:

Cencora previously disclosed that data from its information systems had been exfiltrated. Upon initial detection of the unauthorized activity, we immediately took containment steps and commenced an investigation with the assistance of law enforcement, cybersecurity experts and external counsel.   

 

Through our investigation, we have identified certain individuals whose personal information was involved in the incident. While there is no evidence that any of the information has been publicly disclosed or misused for fraudulent purposes, we are issuing notification to impacted individuals and working to ensure they have access to resources to help them protect their information.   

 

The incident is fully contained and did not impact our operations. We take the security of information entrusted to us very seriously and continue to work with cybersecurity experts to reinforce our systems and information security protocols.

<clip>