The New York Blood Center, a major U.S. blood bank, suffered a cyberattack in late January where hackers infiltrated its systems and exfiltrated sensitive donor data. The breach exposed records of nearly **194,000 blood donors**, including **medical histories, screening details, and infectious disease test results**. While the organization contained the threat and maintained operational continuity (blood collections, donor centers, and hospital services remained active), the incident triggered legal action from affected donors seeking **10 years of credit monitoring and monetary fines**. The attack underscores the healthcare sector’s vulnerability, following high-profile ransomware incidents like the **Change Healthcare breach (190M records)**. New York’s recent cybersecurity mandates for hospitals (72-hour breach reporting, enhanced protections) do not cover blood centers, highlighting regulatory gaps. The financial and reputational fallout remains significant, given the center’s **$600M annual revenue** and role in supplying **400+ hospitals** daily.
Source: https://www.crainsnewyork.com/health-pulse/new-york-blood-center-faces-lawsuits-over-cyberattack
TPRM report: https://www.rankiteo.com/company/new-york-blood-center
"id": "new3192731092625",
"linkid": "new-york-blood-center",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '194,000 donors',
'industry': 'healthcare',
'location': 'New York, USA',
'name': 'New York Blood Center',
'size': 'large (one of the largest blood banks in the '
'U.S.)',
'type': 'nonprofit blood bank'}],
'customer_advisories': ['letter sent to affected donors'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '194,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (medical and personally '
'identifiable information)',
'type_of_data_compromised': ['medical information',
'infectious disease test '
'results']},
'date_detected': 'late January 2024',
'description': 'The New York Blood Center, one of the largest blood banks in '
'the U.S., suffered a cyberattack in late January 2024. '
'Hackers breached its systems and copied donor information, '
'exposing data from nearly 194,000 blood donors nationwide, '
'including medical and infectious disease test results. The '
'incident has led to class-action lawsuits seeking credit '
'monitoring and monetary fines. The organization is '
'investigating with legal and forensic partners while '
'continuing normal operations.',
'impact': {'brand_reputation_impact': 'potential damage (class-action '
'lawsuits filed)',
'data_compromised': ['donor medical information',
'infectious disease test results'],
'identity_theft_risk': 'high (donor data exposed, credit '
'monitoring sought)',
'legal_liabilities': ['class-action lawsuits',
'potential monetary fines'],
'operational_impact': 'minimal (operations continued as normal)',
'systems_affected': ['computer systems']},
'initial_access_broker': {'high_value_targets': ['donor medical data']},
'investigation_status': 'ongoing (with legal and forensic partners)',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'News article (unspecified)'}],
'regulatory_compliance': {'legal_actions': ['class-action lawsuits filed by '
'donors'],
'regulatory_notifications': ['donors notified as '
'required by law']},
'response': {'communication_strategy': ['notifying affected donors as '
'required by law'],
'containment_measures': 'immediate actions taken to contain the '
'threat',
'incident_response_plan_activated': True,
'third_party_assistance': ['legal partners',
'forensic partners']},
'title': 'Cyberattack on New York Blood Center Exposes Donor Data',
'type': ['data breach', 'cyberattack']}