ActivismHealthcareNewsPoliticsSan FranciscoSelf CareSF Bay Area

Hackers Target Plasma Donation Center

Updated: May 16, 2024 09:45
The Bay's best newsletter for underground events & news

On April 24th, 2024, hackers known as BlackSuit stole the Social Security numbers, birthdates and addresses of living and dead plasma donors.

BY JAMES CONRAD

In a place and time where most people are short of money, especially in the Bay Area during the post-Reagan epoch, selling plasma can make the periods between paydays easier to navigate. 

The company I do business with is Octapharma. Founded in Switzerland in 1983, they operate more than 190 plasma donation centers across Europe and the United States. They manufacture medicine used to treat bleeding disorders, autoimmune and neurological diseases, cancer, and patients who experience traumatic injuries, major surgeries or both. The benefits for being a donor go beyond the extra money and the attaboy factor that comes with saving lives. 

For example, It has provided me with a good incentive to make improvements to my diet. Considering that I have been struggling with my weight since the coronavirus quarantine and have 25 stubborn pounds I ought to charge rent to, this can only be a good thing.I also have come to enjoy the rituals surrounding my visits – the low-fat meal plan starting the day before, the spliff outside the Coliseum BART station followed by a relaxing 40-minute walk with jazz and deep breathing exercises, the jokes I make about how fat I got during quarantine as they weigh me, and trying to see how much I can plasma I can yield with each extraction cycle.

Normally, I get to do this two times a week. However, around 20 April, when I tried to check my next eligible date, the app on my phone wouldn’t load. I checked again several minutes later, then an hour later, even turning my phone off and then on again and there was no change. The following morning, I received a notification on my phone telling me that due to a system outage, the app would be unavailable and that all donation centers would be closed. I called the facility on Bancroft to ask more information, and the person on the phone told me it was a computer problem, that they would possibly open by Tuesday, 23 April.

Though the ordeal only lasted less than a week, it felt a lot longer, especially since the price of groceries has been going through the fucking roof since quarantine ended and since I had to panic-buy a new phone and a new pair of jeans, neither of which are exactly cheap these days. Plus, I was just coming back from a two-week furlough to replenish the protein that is depleted through plasmapheresis.

Overcome with curiosity, during this stressful time, I Googled “Octapharma computer outage” and learned that the company was made the target of a malicious cyberattack on April 15. According to an article from The Register, an unnamed source blamed a gang of cybercriminals known as BlackSuit, stating: “IT management don’t give a shit about security and they are now learning a lesson.” 

Local Journalism for Working stiffs

We write for the poets, busboys, and bartenders. We cover workers, not ‘tech’, not the shiny ‘forbes 100 bullshit’. We write about the business on your corner and the beer in your hand. Join the Bay's best newsletter.

BlackSuit used a malicious software called ransomware, in which a healthcare provider’s computer system is locked until the hackers are paid the money they demand. In order to continue providing adequate care, the healthcare organization most often will choose to pay the ransom. According to the American Healthcare Association, 94 percent of hospitals have experienced financial impact as of March 2024, with some facilities losing upwards of $1 billion per day.

On 24 April 2024, the BlackSuit gang claimed credit for the attack against Octapharma, boasting that they stole the Social Security numbers, birthdates and addresses of living and dead donors along with data from plasma donor centers and laboratories, including financial and business records and personal information relevant to employees. So, not only was I cut off from a reliable source of income, but now I had to worry about some miscreant getting a hold of my information so that they can rob me blind. In a panic, I called the Social Security Association and set it up so that nobody else could access my information electronically using my Social Security number.

The attack on Octapharma is not an isolated incident. Since 2016, there has been an increasing rash of ransomware attacks against healthcare facilities. In 2020 alone, 34 percent of healthcare companies were hacked. Since 2023, that number has nearly doubled, with six out of every ten being affected. Because the healthcare industry hasn’t been prioritizing cybersecurity owing to time and budget constraints, hackers view healthcare companies as a goldmine of personal information to be sold to would-be identity thieves on the black market.

In addition to putting healthcare employees and patients at risk for identity theft, ransomware attacks disrupt treatment schedules for patients, delaying treatments that are often time-sensitive, thereby unnecessarily putting lives at risk. In that case, the healthcare industry had better double down on cybersecurity before this problem continues to spiral out of control.

Previous post

The Hunt Begins: SF's Transformed into an Interactive Playground with PURSUIT

Next post

San Francisco Bay Ferry to Add Lines, Expand Service


Guest Writer

Guest Writer

We write for busboys, poets, social workers, students, artists, musicians, magicians, mathematicians, maniacs, yodelers and everyone else out there who wants to enjoy life not as a rich person, but as a real person. Namely, we write for you.

We’re currently looking to expand our author pool. If you’re snarky, know what’s happening in your town, and good at making your fingers type out funny words, then you might be just the person we’re looking for. Email alex@brokeassstuart.com with some writing samples if you're interested. Cheers