Recent cyberattacks against OneBlood and McLaren Health Care shed light on the operational challenges that targeted organizations face
By: Jill McKeon, Associate Editor Published: 09 Aug 2024 on TechTarget
Healthcare cyberattacks often result in data breaches, affecting the privacy of patients. However, as recent healthcare cyber incidents have shown, operational disruptions are common when cyber threat actors target an organization.
In late July and early August 2024, the healthcare sector faced numerous cyberattacks and data breaches, some resulting in operational challenges and significant system downtime.
McLaren Health Care institutes downtime procedures following cyberattack
McLaren Health Care, a Michigan-based healthcare system, notified patients on August 7 that a criminal cyberattack resulted in disruptions to its information technology and phone systems beginning August 6.
The health system consists of 13 hospitals as well as ambulatory surgery centers and a physician network.
According to a notice posted on McLaren’s website, McLaren immediately activated its downtime procedures once it became aware of the attack. At the time of publication, several McLaren systems continued to operate in downtime procedures.
Despite the disruptions, McLaren said that its facilities are “largely operational” and remain open. However, the health system had to cancel some non-emergency appointments, tests and treatments as it worked to recover from the cyberattack.
“In addition, we are also actively working with our vendor partners and insurance providers to ensure our supply chain is not impacted and insurance authorizations are processed for care and treatments,” the notice stated.
Although its facilities remain operational, the cyberattack has affected the health system’s ability to operate to its fullest extent. For example, patients were directed to bring a list of current medications, printed physician orders for imaging studies or treatments and printed results of recent lab tests to their upcoming appointments as the disruptions continued.
Even with well-rehearsed incident response plans and downtime procedures, healthcare cyberattacks that target critical systems are bound to cause operational troubles.
OneBlood works to restore critical systems following ransomware attack
On August 6, blood donation nonprofit OneBlood informed the public that it had restored the critical systems used to manage its daily operations, following a ransomware attack that occurred on July 29.
When the ransomware attack occurred, OneBlood informed hospitals across the Southeastern United States that it was operating at a “significantly reduced capacity,” rendering it unable to provide blood to hospitals at its typical volume.
OneBlood urged the public to donate blood immediately if they could. Blood centers nationwide sent blood and platelets to OneBlood, and the AABB Interorganizational Disaster Task Force also provided resources and assistance.
“Manual processes take longer to perform. We felt the impact of this the most when it came to labelling blood for release to hospitals,” said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.
“Despite the challenges, we have remained operational throughout the ransomware event. Blood drives are taking place, our donor centers have remained open, and we continue to see a tremendous response from OneBlood donors answering the call for blood and platelet donations.”
The incident underscored the importance of healthcare supply chain security and the operational risks that have the potential to multiply when an organization faces a cyberattack.
Ransomware attack hits blood donation nonprofit
Blood donation nonprofit OneBlood is operating at a “significantly reduced capacity” due to a ransomware attack affecting its software system.
Blood donation nonprofit OneBlood is actively responding to a ransomware attack that is affecting its ability to operate and provide blood to hospitals at its typical volume. According to a notice posted on OneBlood’s website on July 31, 2024, the company is operating at a “significantly reduced capacity, which impacts inventory availability.”
OneBlood provides blood to more than 250 hospitals in Alabama, Florida, North Carolina, South Carolina and Georgia.
OneBlood is continuing to collect, test and distribute blood to hospitals at a reduced capacity. Due to these limitations, OneBlood urged eligible donors to donate blood immediately, with an urgent request for O-positive, O-negative and platelet donations.
The company said that the national blood community is rallying to assist OneBlood and hospitals in need. Blood centers nationwide are sending blood and platelets to OneBlood, and the AABB Disaster Task Force is providing national resources to assist.
The blood supply cannot be taken for granted. The situation we are dealing with is ongoing. If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible.Susan ForbesSenior vice president of corporate communications and public relations, OneBlood
OneBlood said it was working with cybersecurity specialists as well as state, federal and local agencies to respond to the incident. OneBlood said it was too early in its investigation to tell whether personal information was compromised as part of the ransomware attack.
“The blood supply cannot be taken for granted. The situation we are dealing with is ongoing. If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible,” said Susan Forbes, senior vice president of corporate communications and public relations at OneBlood.
Toby Gouker, Ph.D., chief security officer, of government and digital health at First Health Advisory, suggested that the healthcare cyber community can look to the blood supply shortages during the pandemic and other past supply chain disruptions to predict how this incident might unfold.
“This is business continuity, it does not matter that it started with a cyberattack,” Gouker stated. “Like Change Healthcare, the cyber incident launched a financial business continuity response. This is a resource continuity issue almost immediately.”
Gouker predicted that hospitals would postpone elective surgeries to conserve blood for emergencies and redistribute blood supplies where they are most needed, based on response efforts from past shortages.
As the event continues to unfold, healthcare cybersecurity experts have also raised concerns about how this ransomware attack will affect patient safety and hospital operations.
“Clearly ransomware has evolved from an annoyance to a potentially dangerous threat to human life. The attacks on healthcare have shown how little regard these attackers have for human life and safety,” said Erich Kron, security awareness advocate at KnowBe4.
“In this case, the organization can fall back to manual procedures. However, even with that in place, not only is it significantly slower, but the potential for human error when processing the blood is naturally increased, increasing risk to patients who receive it.”
Brad Marsh, RN, executive vice president, of government and digital health at First Health Advisory, stressed the value of OneBlood’s transparency during the incident so far.
“These entities can utilize their previously practiced emergency contingency plans to keep operations rolling with patient safety in focus,” Marsh told TechTarget Editorial.
“But this incident should serve as a continued reminder that attackers are pinpointing our vulnerabilities and no one is immune.”
Healthcare Provider Cybersecurity
WIT Protect
Cybersecurity in healthcare settings is essential to protect sensitive patient data and maintain trust.
By guarding against cyber threats you can comply with regulations, secure online transactions and ensure data integrity while preventing financial losses.
Shielding Your Healthcare Services with Unrivaled Cybersecurity.
In a digital era filled with cyber threats, ensuring the security of your healthcare services is crucial. Western I.T. Group introduces WIT Protect, a comprehensive cybersecurity package providing robust defence against the ever-evolving landscape of viruses and malware.
Why is it important to have cybersecurity measures in place within healthcare settings?
Having robust cybersecurity in healthcare settings is vital for several reasons:
- Protection of Sensitive Patient Data: Healthcare providers handle a vast amount of sensitive patient information, including personal and medical histories, contact details, and insurance information. Cybersecurity measures are crucial to protect this data from unauthorized access, theft, or breaches, ensuring compliance with privacy laws like HIPAA.
- Maintaining Patient Trust: Patients trust you with their personal and health information. A breach in cybersecurity could compromise this trust, potentially damaging your clinic’s reputation. Strong cybersecurity helps maintain and build trust by demonstrating a commitment to safeguarding patient information.
- Regulatory Compliance: Healthcare providers, including dental clinics, are required to comply with various health information security regulations. Cybersecurity measures ensure that your clinic adheres to these legal requirements, avoiding potential legal repercussions and fines.
- Protection Against Cyber Threats: Healthcare providers are susceptible to cyber threats like malware, ransomware, and phishing attacks. like any other business, are vulnerable to cyber threats such as malware, ransomware, phishing attacks, and data breaches. Cybersecurity solutions protect your clinic’s digital infrastructure from these threats, ensuring operational continuity.
- Securing Online Transactions: If your clinic offers online services such as appointment booking, payments, or access to patient portals, cybersecurity measures are essential to secure these transactions and protect against financial fraud.
- Data Integrity and Accessibility: Reliable cybersecurity measures ensure that patient records and clinic data are not only protected but also accurately maintained and readily available for healthcare delivery.
- Preventing Financial Losses: Cyber-attacks can lead to significant financial losses due to downtime, data recovery costs, legal fees, and fines. Investing in cybersecurity can prevent such losses and is more cost-effective than dealing with the aftermath of a breach.
Why is WIT Protect the ideal partner for cybersecurity solutions in Healthcare settings?
Anti-virus and Malware Protection
At the core of WIT Protect lies its cutting-edge anti-virus and malware protection. We comprehend the invaluable nature of your digital assets and the urgency to safeguard them from malicious software. Our innovative three-prong defence strategy guarantees the integrity of your system, instilling you with confidence even in the face of cyber threats.
Complete Defense, Backup, and Recovery Solutions
WIT Protect goes beyond mere protection. Our package encompasses an all-inclusive three-prong defence mechanism that assures the resilience of your business. With us by your side, you can rest easy, knowing your systems are routinely backed up and primed for swift recovery, even in the most challenging circumstances.
Preparedness for Every Contingency
From natural calamities to cyber onslaughts, your business should stand prepared for every eventuality. WIT Protect is not just a cybersecurity package; it’s a partnership that recognizes the gravity of securing your digital assets. Commencing at a nominal cost of $20 per user per month, WIT Protect furnishes an indispensable layer of defence that is both potent and cost-effective.
Holistic Protection, Unsurpassed Assurance
Western I.T. Group believes your attention should remain fixated on growing your enterprise, unburdened by cybersecurity concerns. With WIT Protect, your back is covered – ensuring your data’s safety, the system’s robustness, and your business’s unwavering continuity. Immerse yourself in the unparalleled assurance that comes with an impregnable digital fortress.
