Health-ISAC, AHA Warn of Ransomware Attacks

Health-ISAC and the American Hospital Association (AHA) issued a joint threat bulletin to the healthcare industry warning that it should better prepare for ransomware attacks after a series of recent attacks by Russian cybercrime gangs.

The organizations warn that these recent ransomware attacks – which occurred in the United States and the United Kingdom – demonstrate that cyberattacks can have “massive impacts to patient care” such as blood shortages.

“Now that three critical third-party supply chain attacks have significantly impacted healthcare delivery in the past three months, it should serve as a wake-up call across the industry to address supply chain security and resilience,” the bulletin says. “Organizations should prioritize applying risk management assessment principles to their critical suppliers and partners.”

“Consider supply-chain outages, and availability, determine impact to business operations and care delivery, and identify alternative suppliers or use multiple suppliers to create redundancy. The idea is to eliminate the single points of failure in healthcare supply chains and minimize disruptions to healthcare delivery in the event of ransomware attacks on critical suppliers,” it adds.

Specifically, the bulletin points to the three recent ransomware attacks on OneBlood, Synnovis, and Octapharma.

In July, Florida-based blood supplier, OneBlood, was the target of a ransomware attack that impacted its ability to ship blood products to hospitals in the region – resulting in a “severe” blood shortage.

In June, pathology provider Synnovis was the victim of a ransomware attack by the QiLin ransomware gang “resulting in multiple London hospitals being unable to provide healthcare services.” This attack caused thousands of blood donations to be destroyed because hospitals were not able to access electronic health records to identify a patient’s blood type.

Finally, in April, the BlackSuit ransomware gang attacked blood plasma provider Octapharma. This attack resulted in the closure of over 190 plasma donation centers in 35 U.S. states.

“The attacks against Octapharma, Synnovis, and OneBlood appear to be unrelated and have been conducted by separate Russian-speaking ransomware groups,” the bulletin says.

“However, the unique nature and proximity of these ransomware attacks – targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning. These incidents provide ample reason and impetus for [healthcare delivery organizations], hospitals, and health systems to review contingency plans for possible disruption to the blood supply chain and other mission and life-critical medical supplies,” it concludes.