Florida-based nonprofit blood donation organization OneBlood Inc. has been struck by a ransomware attack that has stifled its operations across multiple U.S. states.

According to a statement from OneBlood, the ransomware attack is impacting its software system and the organization is working closely with cybersecurity specialists and law enforcement as part of a “comprehensive response to the situation.” The statement noted that although OneBlood remains operational and continues to collect, test and distribute blood, operations are at a “significantly reduced capacity.”

The ransomware attack has reportedly impacted the organization’s ability to ship blood products to hospitals in Florida and OneBlood has been forced to label blood products manually. OneBlood serves hospitals in Alabama, Florida, Georgia and North and South Carolina.

In an advisory to the hospitals it services, OneBlood asked them to activate their critical blood shortage protocols and to remain in that status for the time being.

The form of ransomware attack and whether data has been stolen have not been disclosed. Healthcare service providers are often popular targets of ransomware gangs thanks to their wealth of personally identifiable information. Generally they tend to be fairly easy targets because of budget restraints resulting in organizations such as OneBlood often not having top-class cybersecurity deployed.

“Every healthcare organization and hospital are targets of cybercriminals as most hacking groups are profiteers first and foremost,” Sean Deuby, principal technologist at enterprise identity protection and cyber resilience startup Semperis Ltd., told SiliconANGLE. “If that means attacking hospitals or their suppliers and suppliers such as OneBlood – at its core this is a classic supply chain attack – they’ll do it because their goals remain the same: make as much revenue as possible, as quickly as possible, without regard to the consequences of their actions.”

Deuby added that “since this attack is ‘upstream’ of clinical providers, they are putting patient care at risk of being disrupted. Also, hospitals and their suppliers are more likely to pay ransom because they’re dealing with life and death situations regularly.”

Photo: OneBlood