OneBlood, a major blood donation organization serving over 250 hospitals across the United States, has confirmed a significant data breach resulting from a ransomware attack in July 2024. The incident, which forced the organization to resort to manual operations, led to disruptions in blood collection, testing, and distribution services.

The attack, occurring between July 14 and July 29, 2024, involved unauthorized access to the organization’s network and the encryption of virtual machines. This security breach prompted several hospitals to implement critical blood shortage protocols, particularly affecting supplies of O Positive, O Negative, and Platelet donations.

Following a comprehensive investigation completed on December 12, 2024, OneBlood revealed that threat actors had accessed and copied sensitive donor information, specifically names and Social Security numbers. While blood donation centers typically collect additional personal data, the exposure was reportedly limited to these two data points.

To address potential identity theft risks, OneBlood is offering affected individuals free one-year credit monitoring services, available for activation until April 9, 2025. The organization recommends that impacted donors implement credit freezes and fraud alerts as additional security measures.

While OneBlood has fulfilled its obligation to notify affected individuals, the six-month delay between the incident and notification has raised concerns about prolonged exposure to potential identity theft risks. The total number of affected donors remains undisclosed.