
Illustration by iStock; Security Management

AHA and Health-ISAC Jointly Call For Action After Ransomware Attacks on Critical Suppliers

The American Hospital Association and Health-ISAC issued a joint threat bulletin in response to recent ransomware attacks that resulted in significant disruptions to patient care.

“Organizations should prioritize applying risk management assessment principles to their critical suppliers and partners. Consider supply-chain outages and availability, determine impact to business operations and care delivery, and identify alternative suppliers or use multiple suppliers to create redundancy,” the bulletin said. “The idea is to eliminate the single points of failure in healthcare supply chains and minimize disruptions to healthcare delivery in the event of ransomware attacks on critical suppliers.”

The attackers were allegedly members of Russian cybercrime ransomware gangs, although the attacks seem to be unrelated. The consequences of the attacks on Octapharma, OneBlood, and Synnovis earlier this year stress the need for supply chain security and resilience, according to the bulletin.

On 15 April, the ransomware group BlackSuit attacked Octapharma, a blood plasma provider. By exploiting a vulnerable VMware system, BlackSuit’s attack resulted in the closure of more than 190 plasma donation centers throughout 35 U.S. states, as well as plasma manufacturing facilities. Sensitive donor information and donor-protected health information was stolen during the attack.

As a result of the attack, Octapharma centers—which provide almost 75 percent of the plasma supply the company uses in therapies—had to delay the transfer of plasma to hospitals, and the delay is expected to have caused major disruptions to patient care in the United States and the European Union.

On 3 June, the QiLin ransomware gang attacked Synnovis, a pathology provider. This attack left multiple London hospitals unable to provide healthcare services, forcing the hospitals to reschedule roughly 700 appointments and postpone more than 800 operations.

As a result of the attack, thousands of O-negative and O-positive blood donations were destroyed, because without a connection to electronic health records, information on the patient’s blood type could not be supplied.

The most recent attack occurred on 30 July, when a ransomware attack resulted in a software outage for OneBlood, a Florida-based blood supplier. The outage impacted OneBlood’s ability to ship blood products to regional hospitals, forcing the company to manually label blood samples.

Due to the additional time it took to label the samples, there were major shipping delays that resulted in a blood shortage. The company provides blood to approximately 250 hospitals in Alabama, Florida, Georgia, North Carolina, and South Carolina, according to the HIPAA Journal.

“These ransomware incidents demonstrate how catastrophic failures can occur in healthcare delivery when mission-critical and life-critical suppliers are attacked,” the bulletin said.

Neal Dennis, Sr., a threat intelligence analyst for Cyware, noted that given the importance of blood suppliers in the larger healthcare supply chain, information sharing and collaboration can help healthcare organizations respond more effectively to cyber threats and protect patient care. “By integrating mission-critical and life-critical third-party suppliers into their enterprise risk management plans, organizations can enhance resilience,” Dennis said.

 
