Ransomware attack hits New York Blood Center Enterprises

New York Blood Center Enterprises is responding to a ransomware attack that began on Jan. 26, 2025, and continues to disrupt its operations. New York Blood Center Enterprises said its operating divisions identified suspicious activity within its IT systems and immediately launched an investigation. The nonprofit, community-based organization supplies blood to approximately 200 hospitals across the Northeast.

Just days before the cyberattack occurred, New York Blood Center Enterprises (NYBCe) declared a blood emergency and issued an urgent call for donors following a 30% drop in donations. According to a Jan. 21, 2025, press release, the sudden drop in donations during the December holiday season "crippled the region's blood supply."

As the organization works to restore its systems in the aftermath of the ransomware attack, its blood supply remains in jeopardy. NYBCe said it is continuing to accept blood donations, but processing times might be longer than normal.

Some donation center activities and blood drives have been canceled, and donors are being notified of any changes.

As of its Jan. 29, 2025, update, NYBCe did not have a specific timeline for system restoration.

"Your support means everything to us. In the coming weeks, it may be necessary for us to do another push for more blood donations once we work through this challenge, and we will count on our community's support," a notice on the organization's website stated.

"If you're eligible, we encourage you to make a donation, and we appreciate your patience if you experience longer wait times or unexpected scheduling changes as we work through this. Thank you for your support."

NYBCe is not the first blood donation center to experience a ransomware attack in recent months.

In April 2024, BlackSuit ransomware actors attacked Octapharma, a blood plasma provider. The cyberattack resulted in the closure of more than 190 plasma donation centers in the U.S., as well as disruptions in the European Union.

In July 2024, blood donation nonprofit OneBlood suffered a ransomware attack, forcing it to operate at a reduce capacity with limited blood inventory.

Following the Octapharma and OneBlood cyberattacks, the American Hospital Association (AHA) and the Health Information Sharing and Analysis Center (Health-ISAC) released a joint bulletin warning the sector of the effects of critical supply chain outages on patient care.

The AHA and Health-ISAC recommended that organizations give special consideration to critical supply chain entities, like blood suppliers, and develop backup plans in the event one of these suppliers experiences an outage.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.