OneBlood to pay $1M in ransomware data breach settlement

A ransomware attack on the nonprofit blood donation group disrupted blood supplies and exposed sensitive data from over 167,000 individuals.

What happened

OneBlood, a nonprofit that supplies blood to about 350 hospitals across the southeastern US, has agreed to pay up to $1 million to settle a class action lawsuit stemming from a ransomware attack in July 2024. Between July 14 and July 29, attackers accessed its systems, exfiltrated sensitive files, and deployed ransomware that forced the organization into manual operations. The breach impacted at least 167,400 individuals, exposing names and Social Security numbers.

The class action lawsuit, led by three individuals, claimed OneBlood failed to implement proper security controls that could have prevented the breach. OneBlood denies wrongdoing but agreed to settle to avoid the cost and risk of ongoing litigation.

Going deeper

According to BankInfoSecurity, hackers tied to the Russian-speaking group RansomHub infiltrated OneBlood’s systems for nearly two weeks before deploying ransomware, forcing hospitals to activate emergency blood shortage protocols at the height of hurricane season. RansomHub, a ransomware-as-a-service group that surfaced in February 2024, has carried out more than 200 attacks across critical sectors, including healthcare, government, and manufacturing. The group is known for stealing and leaking data from victims such as Rite Aid, the Florida Department of Health, and the Neurological Spine Institute of Savannah.

What was said

OneBlood publicly confirmed the attack in July 2024, noting that despite the disruption, it remained operational using manual methods. Hospitals were forced to implement emergency blood shortage protocols. AdventHealth and other health systems confirmed reduced capacity due to the incident.

Credit monitoring and identity theft protection were offered to affected individuals. OneBlood completed its breach investigation in December 2024 and began mailing notification letters the following month.

FAQs

Why did the OneBlood attack disrupt blood supply operations?

The ransomware disabled digital systems, forcing staff to rely on slower manual methods, which reduced the volume of blood that could be processed and distributed.

What is a “pro rata decrease” in the context of the settlement?

If total claims exceed the $1 million cap, individual payments will be reduced proportionally so all valid claims can be partially fulfilled within the limit.

How does this incident compare to similar ransomware attacks on health services?

Similar attacks, like those on Synnovis (UK) and OctaPharma Plasma (U.S.), also caused major disruptions to blood supplies, underscoring the vulnerability of healthcare infrastructure.

Can class members receive compensation without documented losses?

Yes. Class members can choose a $60 payment without submitting documentation, or up to $2,500 if they provide evidence of losses related to the breach.