In response to a series of ransomware attacks by Russian cybercrime gangs causing blood shortages and patient care disruptions in the US and UK, the American Hospital Association and Health-ISAC have issued a joint threat bulletin. The bulletin urges healthcare organizations to prepare for supply chain disruptions resulting from cyberattacks on third-party vendors, potentially impacting patient care delivery.
Recent attacks on blood suppliers include a ransomware incident at OneBlood in Florida in July, leading to shipping delays and blood shortages. In June, Synnovis in London experienced delays in care and surgeries due to a ransomware attack. Octapharma in April faced disruptions in blood plasma donations across 35 states. These incidents underscore the importance of incorporating critical suppliers into risk management plans.
Healthcare IT teams must assess the impact of supply chain outages on operations and patient care, identifying vulnerabilities and developing risk management strategies. The bulletin recommends evaluating the essentiality of third-party vendors and ensuring suitable alternatives are in place to mitigate potential consequences.