ORANGE COUNTY, Fla. — Cyber experts stress the importance of vigilance and proactive steps to protect personal data after a ransomware breach that exposed millions of patient social security numbers, birth dates, and addresses.
▶ WATCH CHANNEL 9 EYEWITNESS NEWS
After months of the hack, Oneblood is now letting people know their personal information has been exposed in a hack.
Oneblood was named in a lawsuit after a client received a notice of the exposure months after the company knew about the hack.
The company said the hack was from a data breach in July of 2024.
Read: OneBlood donor social security numbers compromised in hack
Despite knowing about the hack, the lawsuit states the company did not tell patients until January 2025.
Oneblood has yet to disclose the full extent of the data breach.
The breach, which compromised Oneblood’s data systems, has left many donors concerned about the security of their sensitive information, including names, addresses, phone numbers, and possibly even medical histories.
Read: FHP: Multi-vehicle crash in Orange County leaves 3 dead and 1 seriously injured
Cybersecurity experts warn that such attacks often involve the theft of sensitive information that can be used for identity theft, phishing schemes, or other malicious purposes.
The incident serves as a reminder of the risks posed by cyberattacks and the critical importance of strong data security practices for organizations handling sensitive information.
Read: Crooked Can Brewery’s Lake County expansion clears hurdle
As Oneblood works to rebuild trust with its donors, experts emphasize the need for heightened vigilance and ongoing education about cybersecurity threats.
Oneblood has sent Channel 9 statement:
“OneBlood has been working with cybersecurity specialists to determine the full scope of the event and if personal data was accessed. OneBlood worked as quickly as possible to conduct the investigation and subsequently notify impacted individuals. The cyber incident OneBlood experienced was contained, and OneBlood provided notification to the affected individuals in accordance with relevant law. OneBlood is also offering affected individuals complimentary identity monitoring.”
Joshua Taylor, Owner of Black Bear Cybersecurity, LLC, points to several ways Oneblood’s data may have been breached.
“Phishing emails are oftentimes attachments that employees may not know were sent by a hacker.
Taylor said with unpatched software, hackers often exploit vulnerabilities in outdated software or systems that have not received recent security updates.
The class action lawsuit filed Wednesday against Oneblood, states the company failed to secure and safeguard personal information that was stored in its network network.
The ransomware attack affected over 250 hospitals in Florida, Georgia, North, and South Carolina.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.
©2025 Cox Media Group
