Ransomware Attack Disrupts New York Blood Center Operations
On January 26, 2025, New York Blood Center Enterprises (NYBCe), a nonprofit supplying blood to approximately 200 hospitals across the Northeast, detected suspicious activity within its IT systems, indicating a ransomware attack. The organization promptly initiated an investigation to assess and mitigate the breach’s impact.
This cyberattack exacerbates an already critical situation. Just days prior, on January 21, NYBCe had declared a blood emergency due to a 30% decline in donations during the December holiday season, which had severely impacted the region’s blood supply.
In the aftermath of the attack, NYBCe continues to accept blood donations; however, processing times may be longer than usual. Some donation center activities and blood drives have been canceled, with affected donors being notified accordingly. As of January 29, the organization has not provided a specific timeline for full system restoration.
A notice on NYBCe’s website emphasizes the importance of community support during this challenging period:
“Your support means everything to us. In the coming weeks, it may be necessary for us to do another push for more blood donations once we work through this challenge, and we will count on our community’s support. If you’re eligible, we encourage you to make a donation, and we appreciate your patience if you experience longer wait times or unexpected scheduling changes as we work through this. Thank you for your support.”
This incident is part of a troubling trend of ransomware attacks targeting blood donation centers. In April 2024, BlackSuit ransomware actors attacked Octapharma, a blood plasma provider, leading to the closure of more than 190 plasma donation centers in the U.S. and disruptions in the European Union. Similarly, in July 2024, the nonprofit OneBlood suffered a ransomware attack, forcing it to operate at reduced capacity with limited blood inventory.
In response to these incidents, the American Hospital Association (AHA) and the Health Information Sharing and Analysis Center (Health-ISAC) issued a joint bulletin warning about the effects of critical supply chain outages on patient care. They recommended that organizations give special consideration to critical supply chain entities, like blood suppliers, and develop backup plans in the event one of these suppliers experiences an outage.
The recent attack on NYBCe underscores the vulnerability of healthcare organizations to cyber threats and highlights the need for robust cybersecurity measures to protect critical infrastructure and patient care services.
