The New York Blood Center (NYBC), a major blood collection organization serving over 75 million people across multiple states, fell victim to a ransomware attack on January 26, 2024. The incident has forced the rescheduling of blood donor appointments and disrupted operations at the facility, which typically collects approximately 4,000 blood product units daily.

Upon detecting suspicious IT system activity, NYBC immediately engaged cybersecurity experts and implemented containment measures, including taking certain systems offline. The attack’s timing is particularly concerning as it coincides with NYBC’s recent declaration of a blood emergency, following a 30% decrease in donations resulting in 6,500 fewer collections.

While NYBC continues to accept donations, some appointments and blood drives have been canceled. The organization has not yet disclosed whether donor personal and health information was compromised during the attack.

This incident follows similar cyberattacks on blood donation organizations, including OneBlood’s data breach last summer and the Synnovis ransomware attack that affected London hospitals. In response to increasing healthcare security breaches, the U.S. Department of Health and Human Services has proposed updates to HIPAA regulations to enhance patient data protection.

NYBC maintains communication with hospital partners and is implementing alternative procedures to restore services and fulfill orders while working to resolve the cyber incident.