A ransomware attack on the nonprofit blood donation group disrupted blood supplies and exposed sensitive data from over 167,000 individuals.
OneBlood, a nonprofit that supplies blood to about 350 hospitals across the southeastern US, has agreed to pay up to $1 million to settle a class action lawsuit stemming from a ransomware attack in July 2024. Between July 14 and July 29, attackers accessed its systems, exfiltrated sensitive files, and deployed ransomware that forced the organization into manual operations. The breach impacted at least 167,400 individuals, exposing names and Social Security numbers.
The class action lawsuit, led by three individuals, claimed OneBlood failed to implement proper security controls that could have prevented the breach. OneBlood denies wrongdoing but agreed to settle to avoid the cost and risk of ongoing litigation.
According to BankInfoSecurity, hackers tied to the Russian-speaking group RansomHub infiltrated OneBlood’s systems for nearly two weeks before deploying ransomware, forcing hospitals to activate emergency blood shortage protocols at the height of hurricane season. RansomHub, a ransomware-as-a-service group that surfaced in February 2024, has carried out more than 200 attacks across critical sectors, including healthcare, government, and manufacturing. The group is known for stealing and leaking data from victims such as Rite Aid, the Florida Department of Health, and the Neurological Spine Institute of Savannah.
OneBlood publicly confirmed the attack in July 2024, noting that despite the disruption, it remained operational using manual methods. Hospitals were forced to implement emergency blood shortage protocols. AdventHealth and other health systems confirmed reduced capacity due to the incident.
Credit monitoring and identity theft protection were offered to affected individuals. OneBlood completed its breach investigation in December 2024 and began mailing notification letters the following month.
The ransomware disabled digital systems, forcing staff to rely on slower manual methods, which reduced the volume of blood that could be processed and distributed.
If total claims exceed the $1 million cap, individual payments will be reduced proportionally so all valid claims can be partially fulfilled within the limit.
Similar attacks, like those on Synnovis (UK) and OctaPharma Plasma (US), also caused major disruptions to blood supplies, underscoring the vulnerability of healthcare infrastructure.
Yes. Class members can choose a $60 payment without submitting documentation, or up to $2,500 if they provide evidence of losses related to the breach.