OneBlood Settles for $1M Following Ransomware Attack

Fraud Management & Cybercrime,
Healthcare,
Industry Specific

2024 Cyberattack Targeted Multiple Blood Suppliers Across the US and UK

Marianne Kolbasuk McGee
(HealthInfoSec) •
September 29, 2025

OneBlood Agrees to Pay $1M Settlement in Ransomware Hack
OneBlood has consented to pay $1 million as part of a settlement pertaining to a 2024 ransomware attack that compromised data from approximately 170,000 individuals. (Image: OneBlood)

OneBlood, a non-profit organization supplying blood to 250 hospitals across four states, has agreed to a $1 million settlement following a proposed class action lawsuit stemming from a ransomware attack in 2024. This incident exposed sensitive information regarding nearly 170,000 individuals.

See Also: New Attacks. Skyrocketing Costs. The True Cost of a Security Breach.

A preliminary settlement approved by a Broward County, Florida circuit court allows affected individuals to claim up to $2,500 for documented losses, or opt for a cash payment of $60. A final hearing is scheduled for December 9, with OneBlood denying any liability in the matter.

The attack was detected in late July 2024, during which cybercriminals infiltrated OneBlood’s network from July 14 to July 29. Investigations revealed that they potentially accessed data belonging to 167,400 individuals (see: OneBlood Notifying Donors Affected by 2024 Ransomware Hack).

The compromised data included personal identifiers, Social Security numbers, payment card information, and medical records encompassing physical and mental health details. OneBlood primarily services regions in Florida, Georgia, and the Carolinas.

Other recent attacks on blood suppliers include a ransomware breach at New York Blood Center Enterprises in January, which serves hospitals across multiple states (see: NY Blood Center Attack Disrupts Suppliers in Several States).

Additionally, an April 2024 incident involving Octapharma Plasma significantly hampered their blood collection and processing capabilities for weeks (see: Suspected Attack Shuts Down U.S. Blood Plasma Donation Centers).

Outside the United States, a serious ransomware attack in June 2024 on Synnovis, a UK-based pathology lab, severely disrupted patient care and testing services, leading to multiple canceled appointments and a nationwide shortage of type-O blood (see: NHS: Most Patient Services Online Following Synnovis Attack).

The repercussions of these cyber incidents have prompted responses from regulatory bodies, including the U.S. Food and Drug Administration and the Health Information Sharing and Analysis Center, to issue cyber preparedness alerts for healthcare organizations (see: Attacks on Blood Suppliers Trigger Supply Chain Warning).

Source link

Related Posts