Introduction
New York Blood Center Enterprises (NYBCe) [2] [3] [4] [6] [7] [8], a prominent nonprofit blood center in the United States, is grappling with significant service disruptions following a ransomware attack [1]. This incident has compounded existing challenges related to blood supply shortages, necessitating urgent measures to restore operations and secure blood donations.
Description
New York Blood Center Enterprises (NYBCe) [2] [3] [4] [6] [7] [8], a major nonprofit blood center in the US [1] [5], is currently facing significant service disruptions due to a ransomware attack detected on January 26, 2025 [1] [5]. The organization first identified suspicious activity affecting its IT systems and confirmed the incident after launching an investigation with third-party cybersecurity experts [2]. In response to the threat [7], NYBCe implemented immediate containment measures, including taking certain systems offline on January 29, and is actively working to restore operations [2]. As of January 30, 2025 [4] [6], NYBCe’s systems had not yet been restored [4], and the timeline for recovery remains uncertain [1], with no specific date provided for when operations will return to normal [1].
This incident has exacerbated existing challenges, as NYBCe had recently declared a blood emergency due to a 30% drop in donations [6], which it attributed in part to the holiday season’s impact on the blood supply [6]. The organization urgently needs donations of all blood types [5], with some types reported as “dangerously low.” While blood donations are still being accepted, some donation center activities and blood drives may require rescheduling [5]. NYBCe is in communication with donor centers [3], hospital partners [5], and sponsors to implement workarounds for service restoration and to keep the community informed of any changes. The Association for the Advancement of Blood & Biotherapies (AABB) has activated its Interorganizational Task Force on Domestic Disasters and Acts of Terrorism to coordinate national resources and assist with the secure transportation of blood products [8], ensuring that blood is available for patients [8].
Law enforcement has been notified of the incident [2], but details regarding the identity of the attackers remain unknown [2], and there has been no claim of responsibility from any major ransomware group [5]. It is also unclear if any sensitive personal information was accessed or if a ransom demand was made. NYBCe serves over 75 million people and provides blood donations and products to approximately 400 hospitals across various states [2], including New York [2], Nebraska [2], Delmarva [2], Kansas [2], and Connecticut [2]. The organization is grateful for the community’s support, which may be crucial for increasing blood donations in the coming weeks as they navigate this challenge [3]. The blood community is urging eligible individuals to schedule appointments to donate blood to maintain a sufficient blood supply [8], emphasizing the importance of having blood readily available during emergencies [8].
This ransomware attack is part of a concerning trend of cybersecurity incidents affecting blood centers worldwide and follows previous incidents impacting organizations such as Octapharma in April 2024 and OneBlood in July 2024, both of which resulted in significant operational disruptions [6]. In light of these events, the American Hospital Association and the Health Information Sharing and Analysis Center have issued warnings about the potential impact of critical supply chain outages on patient care [6], urging organizations to develop backup plans for blood suppliers [6].
Conclusion
The ransomware attack on NYBCe highlights the vulnerability of critical healthcare infrastructure to cyber threats, underscoring the need for robust cybersecurity measures. The incident has intensified the urgency for blood donations, with the community’s support playing a vital role in addressing the shortage. As similar attacks on blood centers have occurred globally, there is a pressing need for the healthcare sector to enhance its resilience against such disruptions. Organizations are encouraged to develop comprehensive contingency plans to mitigate the impact of potential future incidents on patient care and blood supply chains.
References
[1] https://nationalcioreview.com/articles-insights/extra-bytes/new-york-blood-center-struggles-to-recover-from-ransomware-attack/
[2] https://www.infosecurity-magazine.com/news/ransomware-blood-donation-services/
[3] https://www.nybce.org/news/articles/cyber/
[4] https://straussborrelli.com/2025/01/30/new-york-blood-center-data-breach-investigation/
[5] https://techcrunch.com/2025/01/30/us-blood-donation-giant-warns-of-disruption-after-ransomware-attack/
[6] https://www.techtarget.com/HealthtechSecurity/news/366618347/Ransomware-attack-hits-New-York-Blood-Center-Enterprises
[7] https://www.darkreading.com/cyberattacks-data-breaches/two-attacks-target-healthcare-sector-adds-growing-list-ransomware-threats
[8] https://americasblood.org/press-release/blood-community-collaborating-to-maintain-stability-of-blood-supply-following-cybersecurity-incident-at-new-york-blood-center-enterprises/
