The healthcare industry has been hit by a series of high-profile ransomware attacks targeting mission-critical suppliers, triggering widespread shortages and disruptions that have impacted patient care across multiple states. These incidents, orchestrated by various notorious cybercriminal groups, have exposed vulnerabilities in the healthcare supply chain and prompted urgent calls for enhanced security measures and contingency planning.
In late July 2024, OneBlood, a major blood supplier serving over 250 hospitals across five southeastern states, fell victim to a ransomware attack believed to be perpetrated by the RansomHub threat group. This cyber assault resulted in a shortage of blood and blood products, prompting the Florida Hospital Association to advise healthcare facilities to activate emergency protocols.
Just a few months earlier, in June, the UK's National Health Service (NHS) experienced turmoil when Synnovis, a provider of pathology services, was targeted by the Qilin ransomware group. The attack led to the cancellation of over 800 operations and 700 outpatient appointments, exacerbating existing blood shortages as it became impossible to match donated units to electronic health records.
Additionally, in April, the BlackSuit ransomware group struck Octapharma Plasma, a blood plasma provider, forcing the temporary closure of its 190 U.S. plasma donation centers and manufacturing facilities. This attack further compounded the strain on the healthcare system's ability to meet patient needs.
These incidents followed the ransomware attack on Change Healthcare, widely regarded as the most important and far-reaching cybersecurity incident in the history of the healthcare industry. Virtually every hospital in the United States was directly or indirectly impacted by this attack, proving the vulnerability of the healthcare industry to supply chain disruptions.
While these ransomware attacks do not appear to be directly connected, as they were carried out by different threat actors, they collectively indicate a concerning trend: cybercriminals are increasingly targeting third-party infrastructure and suppliers that provide mission-critical and life-critical services to healthcare providers. By exploiting these vulnerabilities, ransomware groups increase the likelihood of ransom payments, as the disruption to patient care can be catastrophic.
In response to these events, Health-ISAC (Health Information Sharing and Analysis Center) and the American Hospital Association (AHA) have issued a joint threat bulletin, warning that the aggregate effect of multiple attacks on mission-critical suppliers could result in an unanticipated cascading effect on patient care, with exponentially greater consequences than a single incident.
Health-ISAC and the AHA have urged healthcare delivery organizations (HDOs), hospitals, and health systems to take immediate action to improve supply chain security and resilience. They recommend reviewing contingency plans for potential disruptions to the blood supply chain and other mission-critical medical supplies, as well as incorporating supply-chain outages and availability into overall risk management assessments.
The healthcare industry's reliance on complex supply chains and third-party vendors has created potential vulnerabilities that cybercriminals are actively exploiting. These ransomware attacks have exposed the consequences of such disruptions, which can ripple across multiple states and healthcare systems, jeopardizing patient safety and quality of care.
Ransomware is malware that holds a victim's data hostage by encrypting it or restricting access to the system. The attackers then demand a ransom in exchange for the decryption key or the restoration of system access.
Experts recommend a multi-layered approach to ransomware defense, including people-focused initiatives, advanced processes, and the deployment of the latest security technologies. Proactive measures to prevent initial access and minimize attack surfaces are necessary in the fight against these threats.
Collaboration, information sharing, and the development of new defensive strategies will be fundamental in the ongoing battle against ransomware. Governments, security vendors, and organizations must work together to stay ahead of the constantly changing tactics employed by cybercriminal groups.
Organizations should identify suppliers whose disruption could affect patient care and build redundancy into their supply chain strategy, for example by identifying alternative suppliers or sourcing critical supplies from more than one vendor.