Hackers Target Plasma Donation Center

On April 24th, 2024, hackers known as BlackSuit stole the Social Security numbers, birthdates and addresses of living and dead plasma donors.

BY JAMES CONRAD

In a place and time where most people are short of money, especially in the Bay Area during the post-Reagan epoch, selling plasma can make the periods between paydays easier to navigate. 

The company I do business with is Octapharma. Founded in Switzerland in 1983, they operate more than 190 plasma donation centers across Europe and the United States. They manufacture medicine used to treat bleeding disorders, autoimmune and neurological diseases, cancer, and patients who experience traumatic injuries, major surgeries or both. The benefits for being a donor go beyond the extra money and the attaboy factor that comes with saving lives. 

For example, It has provided me with a good incentive to make improvements to my diet. Considering that I have been struggling with my weight since the coronavirus quarantine and have 25 stubborn pounds I ought to charge rent to, this can only be a good thing.I also have come to enjoy the rituals surrounding my visits – the low-fat meal plan starting the day before, the spliff outside the Coliseum BART station followed by a relaxing 40-minute walk with jazz and deep breathing exercises, the jokes I make about how fat I got during quarantine as they weigh me, and trying to see how much I can plasma I can yield with each extraction cycle.

Normally, I get to do this two times a week. However, around 20 April, when I tried to check my next eligible date, the app on my phone wouldn’t load. I checked again several minutes later, then an hour later, even turning my phone off and then on again and there was no change. The following morning, I received a notification on my phone telling me that due to a system outage, the app would be unavailable and that all donation centers would be closed. I called the facility on Bancroft to ask more information, and the person on the phone told me it was a computer problem, that they would possibly open by Tuesday, 23 April.

Though the ordeal only lasted less than a week, it felt a lot longer, especially since the price of groceries has been going through the fucking roof since quarantine ended and since I had to panic-buy a new phone and a new pair of jeans, neither of which are exactly cheap these days. Plus, I was just coming back from a two-week furlough to replenish the protein that is depleted through plasmapheresis.

Overcome with curiosity, during this stressful time, I Googled “Octapharma computer outage” and learned that the company was made the target of a malicious cyberattack on April 15. According to an article from The Register, an unnamed source blamed a gang of cybercriminals known as BlackSuit, stating: “IT management don’t give a shit about security and they are now learning a lesson.” 

BlackSuit used a malicious software called ransomware, in which a healthcare provider’s computer system is locked until the hackers are paid the money they demand. In order to continue providing adequate care, the healthcare organization most often will choose to pay the ransom. According to the American Healthcare Association, 94 percent of hospitals have experienced financial impact as of March 2024, with some facilities losing upwards of $1 billion per day.

On 24 April 2024, the BlackSuit gang claimed credit for the attack against Octapharma, boasting that they stole the Social Security numbers, birthdates and addresses of living and dead donors along with data from plasma donor centers and laboratories, including financial and business records and personal information relevant to employees. So, not only was I cut off from a reliable source of income, but now I had to worry about some miscreant getting a hold of my information so that they can rob me blind. In a panic, I called the Social Security Association and set it up so that nobody else could access my information electronically using my Social Security number.

The attack on Octapharma is not an isolated incident. Since 2016, there has been an increasing rash of ransomware attacks against healthcare facilities. In 2020 alone, 34 percent of healthcare companies were hacked. Since 2023, that number has nearly doubled, with six out of every ten being affected. Because the healthcare industry hasn’t been prioritizing cybersecurity owing to time and budget constraints, hackers view healthcare companies as a goldmine of personal information to be sold to would-be identity thieves on the black market.

In addition to putting healthcare employees and patients at risk for identity theft, ransomware attacks disrupt treatment schedules for patients, delaying treatments that are often time-sensitive, thereby unnecessarily putting lives at risk. In that case, the healthcare industry had better double down on cybersecurity before this problem continues to spiral out of control.

Broke-Ass Stuart works because of reader support. Join us now.

Howdy! My name is Katy Atchison and I'm an Associate Editor for Broke-Ass Stuart.

I want to take the time to say thank you for supporting independent news media by reading BrokeAssstuart.com. Supporting independent news sources like Broke-Ass Stuart is vital to supporting our community because it amplifies the voices of a wide variety of diverse opinions. You also help support small businesses and local artists by sharing stories from Broke-Ass Stuart.

Because you're one of our supporters, I wanted to send over a pro-tip.

Our bi-weekly newsletter is a great way to get round ups of Broke-Ass Stuart stories, learn about new businesses in The Bay Area, find out about fun local events and be first in line for giveaways.

If you’d like to get our newsletter, signup right here, it takes 5 seconds.