The OneBlood ransomware attack forced 250+ hospitals onto critical shortage protocols and proved blood banks have no cybersecurity resilience
On July 29, 2024, the Russian-speaking ransomware group RansomHub attacked OneBlood, a nonprofit blood bank that supplies blood to more than 300 hospitals across Florida, Georgia, and the Carolinas. The attack knocked OneBlood's automated systems offline, forcing staff to manually label blood products — a process that normally takes seconds per unit but now took minutes, creating massive bottlenecks. Over 250 hospitals in the Southeast were told to activate critical blood shortage protocols. Florida hospitals postponed transplant surgeries. Some pediatric patients lost access to ECMO (extracorporeal membrane oxygenation) — a life support system — because platelets were not available. It took over a week for OneBlood to restore normal distribution operations.
The attack exposed a fragility that should terrify every hospital administrator in America: the blood supply has almost no redundancy at the regional level. When OneBlood went down, there was no backup supplier that could step in and cover 300+ hospitals overnight. Hospitals that depended entirely on OneBlood had no secondary contracts, no emergency mutual-aid agreements with other blood centers, and no on-site inventory buffer large enough to last more than a few days. The "just-in-time" inventory model that most hospitals use for blood products — ordering what they need daily rather than stockpiling — works great for cost efficiency but collapses instantly when the single supplier goes offline.
This happened because the blood banking industry has consolidated into a handful of large regional suppliers, each serving as the sole provider for hundreds of hospitals. OneBlood, Vitalant, and the American Red Cross together supply the vast majority of U.S. hospital blood. Most hospitals contract with one supplier. There is no federal requirement for hospitals to maintain emergency backup blood supply agreements, no mandated cybersecurity standards specific to blood centers, and no regional mutual-aid framework that automatically reroutes blood from unaffected suppliers to affected hospitals. Six months after the attack, OneBlood also disclosed a data breach exposing the personal information of an undisclosed number of blood donors, adding a donor trust problem on top of the supply chain vulnerability.
Evidence
OneBlood ransomware details page: https://www.oneblood.org/pages/ransomware-details.html
Axios coverage: https://www.axios.com/2024/08/02/ransomware-oneblood-hospital-blood-supply
AHA advisory on hospital impact: https://www.aha.org/news/headline/2024-08-01-southeast-hospitals-impacted-cyberattack-oneblood-aha-health-isac-post-updated-advisory-cyberattacks
NBC News on blood drive cancellations: https://www.nbcnews.com/tech/security/new-york-blood-center-cancels-drives-shortage-cyberattack-rcna190141
Healthcare Brew on blood bank cybersecurity: https://www.healthcare-brew.com/stories/2024/08/13/ransomwares-newest-target-blood-banks
Donor data breach notification: https://www.bankinfosecurity.com/oneblood-notifying-donors-affected-by-2024-ransomware-hack-a-27287