The BlackSuit ransomware attacked the British pharmaceutical business Octapharma Plasma, affecting systems at over 160 plasma donation centers across 35 states in the United States. As a result, these centres have been temporarily closed while the company investigates the attack and works to restore the affected systems.
The banner on Octapharma Plasma’s website shows that all of its donation centres are presently unavailable due to network issues. These centers play a critical role in collecting, testing, and providing plasma to Octapharma Plasma AG’s European operations, where they transform it into life-saving treatments.
Octapharma Plasma generated over $3.5 billion in sales in 2023. Their haematology, immunotherapy, and critical care medicines, which serve hundreds of thousands of patients yearly, are accessible in 118 countries.
Recent ransomware variant BlackSuit seems to be an updated version of Royal, given coding similarities between the two. The infamous Russian group disappeared in June 2022, and Royal emerged as Conti’s replacement.
BlackSuit has been aggressively targeting healthcare and public health organisations; in November, the US Department of Health and Human Services issued a warning about this.
The ransomware group uses double-extortion techniques, first stealing sensitive files, then encrypting data on hacked networks, and demanding ransom payments. The criminals breached the security of the plasma giant’s VMware systems and then deployed the BlackSuit ransomware.
According to Octapharma’s spokesperson:
On April 17, we identified unauthorized activity in our network environment, which has disrupted certain parts of our operations. We are taking this matter very seriously. Upon learning of this event, we began conducting an investigation with outside experts to understand the impact. That investigation remains ongoing, and we do not have more to report at this time.
Octapharma Plasma Centers Reopen After BlackSuit Ransomware Attack
Octapharma has begun restoring some of its 160+ centres following a nearly week-long suspension due to a ransomware attack. The company changed their website banner to reflect these changes.
The company announced on its website and Facebook that all centres will be closed from April 17 to April 22. Some centres reopened with modified hours on Monday. The company advised that anyone who has appointments check the hours of operation by contacting their local office.
Ransomware can block patients’ access to critical medical care and pharmaceuticals by encrypting hospital and pharmacy systems. Furthermore, patients and donors entrust healthcare organisations with the security of their private medical and financial data. Breaching this trust might result in class-action lawsuits and investigations.
As a result, when faced with extortion, the healthcare industry is particularly vulnerable to ransom demands. This weakness makes the whole business a good target for financially motivated criminal groups using more aggressive extortion techniques to get medical facilities to pay.
Brett Callow, a threat analyst at security firm Emsisoft, highlighted the importance of governments improving security measures in the healthcare industry and supply chain.
Brett also added that disruptive incidents not only have an impact on patient care quality and medical results, but they also put additional burden on healthcare professionals’ already limited resources.
Help your colleagues keep a security-first mindset and boost your human firewall by starting your Phishing Tackle security awareness training today with our two-week free trial.