ARI SHAPIRO, HOST:
The health care industry is under near-relentless attack by cybercriminals. The latest - hackers targeted a nonprofit blood donation center. It's impacting hospitals across the southeastern U.S. NPR cybersecurity correspondent Jenna McLaughlin is following the story. Hi, Jenna.
JENNA MCLAUGHLIN, BYLINE: Hey, Ari.
SHAPIRO: When did this attack happen, and what is the status of the outage right now?
MCLAUGHLIN: So it happened the Friday before last. The nonprofit blood bank, called OneBlood, which is similar to the Red Cross, announced that they were a victim of a cyberattack. And the hackers hit their systems for blood labeling, so they couldn't tell which one was O negative, which one was B positive. Their systems are coming back online now, but hospitals have been in emergency protocol for weeks.
SHAPIRO: What does that emergency protocol look like?
MCLAUGHLIN: Basically, they're canceling or postponing some nonemergency or critical surgeries, especially the ones that use a lot of blood. I spoke to Belle Amoroso in Florida. She and her husband, Tony Baker, who goes by Doc Dog, are tattoo and body piercing artists just outside Tampa. Baker was supposed to have open heart surgery, but his hospital was impacted by this breach. Belle told me about it. Take a listen.
BELLE AMOROSO: My husband of almost 40 years was set to go in for his pre-surgery registration and be scheduled to have open heart surgery. And we got a call from his actual surgeon in the morning on Tuesday morning, you know, asking if we had left yet. And that's how I heard. We were taken back. I didn't know that this sort of thing happens until now.
MCLAUGHLIN: By this sort of thing, she means cyberattacks on health care. Amoroso is actually a really prominent advocate for addiction awareness. She lost her son to fentanyl abuse earlier this year. But now she has this new fear, Ari, that health care is going to be unreliable when her family needs it thanks to hackers. There is good news, though. Doc's heart procedure was rescheduled and went ahead as planned. So that was a big relief for them.
SHAPIRO: OK, so if surgeries are still going forward, albeit under a lot of pressure and perhaps not as quickly as planned, is the impact here maybe not as bad as it could have been?
MCLAUGHLIN: It has been hairy. I talked to a nurse in Florida. She said they've been flying blood in from California for emergency surgeries, so that can't be sustainable forever. But I do think it could have been worse. For one, hospitals have a pretty simple solution to this problem. They've got blood drives. The same nurse told me that she went to donate immediately, and the blood banks were crowded with people who had heard the call and came in to donate. Meanwhile, the community of blood providers across the United States - they have some emergency protocols in place when things like this happen. They activated right away. Members like Red Cross surged to provide blood.
SHAPIRO: So you said this is just the latest health care cyberattack. Do you think this breach might change how cybersecurity is prioritized by health care systems?
MCLAUGHLIN: Gosh, Ari, I sure hope so. I mean, criminals know at this point that health care officials are going to pay because they want to get their systems back online to avoid a major crisis. But even when they do pay, there's often big disruptions. Surgeries are canceled. People can't get their prescriptions - things like that.
It is hard to directly link cyberattacks to patient deaths, but there are multiple peer-reviewed studies out there that conclude that ransomware attacks and delays in care can lead to bad outcomes for patients, especially the ones who have time crunches, like strokes and heart attacks. Government officials have said that cyber hygiene shouldn't be voluntary if we want this to stop. We'll see if anything happens. But at this point, no one across the health care supply chain should be surprised when they're the next victim.
SHAPIRO: That is NPR cybersecurity correspondent Jenna McLaughlin. Thank you.
MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
