The largest blood collection center in the United States, New York Blood Center (NYBC), was targeted by a ransomware attack known as the Mount Program, prompting the organization to cancel planned donor activities. The incident took place on January 28, when NYBC employees detected suspicious activity in their IT infrastructure.
Upon discovering the threat, the center’s experts quickly took action to contain it by shutting down certain systems and engaging third-party cybersecurity professionals to investigate the attack. The confirmation of the ransomware attack as the cause of the disruption was revealed by NYBC officials. Efforts are currently underway to restore service operations while still accepting blood donors.
As a result of the cyber attack on NYBC, some planned donor events had to be postponed. Despite this setback, the center is still collecting blood and advising some donors to reschedule their appointments. The challenge is compounded by a critical shortage of blood supplies, which NYBC had reported just days prior to the incident. A 30% decrease in donor numbers led to a shortage of 6500 units of blood, putting at risk the supply to regional medical facilities.
The potential theft of donors’ personal or medical information during the breach remains uncertain. However, it’s common for ransomware groups to not only encrypt data but also exfiltrate it for future extortion. To date, no known hacker groups have claimed responsibility for the attack.
Established in 1964, NYBC encompasses multiple regional blood banks and serves a population of over 75 million individuals in the United States. Each day, its network of donor centers collects approximately 4,000 units of blood, distributing them to more than 400 medical institutions nationwide.
The incident involving NYBC is not the first of its kind in the blood donation sector. In August 2024, the nonprofit organization Oneblood experienced a data breach affecting its donors due to a Mount Program attack. Similarly, London hospitals faced a blood shortage in June 2024 following an attack on Synnovis, a laboratory service provider. There was also the breach on the Health Health Healthcare system, impacting 190 million people.
Attacks on medical organizations are on the rise, with hackers recognizing the critical nature of their services and exploiting it for their own gain. Despite the ongoing threat, NYBC emphasized its commitment to prioritizing patient and hospital safety above all else, even in light of the