New York Blood Center Enterprises Confirms Data Breach

February 2, 2025HIPAA News0

New York Blood Center Enterprises (NYBCe), another U.S. blood donation company, encountered a ransomware attack. It is one of the United State’s biggest community-based, not-for-profit blood collection and supply companies. NYBCe has 19 donor centers in New Jersey and New York and supplies blood and stem cell products to about 70 hospitals in the state. With its operating sections in Connecticut, Kansas, Delaware, Missouri, Minnesota, Nebraska, Wisconsin, and Rhode Island, transfusion-connected services are supplied to over 500 hospitals across the country serving about 75 million individuals.

On January 26, 2025, NYBCe identified suspicious activity in its IT systems. Investigation by third-party cybersecurity professionals confirmed that the cause of the suspicious activity was a ransomware attack. The HIPAA-covered provider took steps to control the threat and remove the threat actor from its system. NYBCe’s work of system restoration is underway as fast and secure as possible. Law enforcement knows about the attack; steps are being enforced to reestablish its services and complete orders. NYBCe has been communicating regularly with hospital partners and working to lessen blood supply disruption.

At this phase, NYBCe cannot give a schedule for restoring its systems. Although the incident has impacted the operation of its IT network, all blood donor facilities stay in operation and its community blood drives still accept donations; nevertheless, the IT problems brought on by the ransomware attack suggest processing times will be longer than usual at its donation centers and blood drives. It may be necessary to reschedule several donation center activities and blood drives. On January 21, 2025, before the attack, NYBCe announced a blood emergency because of a 30% decrease in blood donations resulting in blood scarcity in the community. Some blood drives were canceled because of the attack.

At this time, it is uncertain which ransomware group launched the attack and if donor details were stolen. NYBCe is posting news updates on its site and will provide notifications to any impacted people when PHI theft is confirmed. Ransomware targets blood collection while distribution companies can result in serious interruption to blood supplies. A July 2024 ransomware attack on the blood company’s Florida-rational, OneBlood, interrupted blood supplies to the 350 healthcare benefits it serves in Alabama, Georgia, Florida, and North and South Carolina, compelling them to apply their critical blood shortage protocols. A ransomware attack on its way to the UK’s NHS in June 2024 caused major interruption to blood transfusions in London and lengthy blood shortages because of the useful reduction in capacity. A ransomware attack on the Swiss pharmaceutical company OctaPharma in April 2024 resulted in the shutdown of all blood plasma donation facilities in the United States for a number of weeks.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2025 ComplianceHome. All rights reserved.