Best Practices for Shielding Blood Banks from Cyber Predators in 2025
2024 brought a trio of ransomware attacks targeting blood centers that led to shortages and canceled procedures across the United States and the United Kingdom. The first attack in April targeted Octapharma Plasma and caused nearly 200 blood plasma donation centers to suspend services. The June attack against the British pathology laboratory, Synnovis, led to a nationwide shortage of type-O blood across the United Kingdom with thousands of procedures postponed or canceled. In August, an attack against the non-profit blood donation center, OneBlood, prompted the organization to urge hospitals to activate their critical shortage protocols.
According to reports, all signs point to different Russian-speaking ransomware gangs as the attacks’ perpetrators. In response to the attacks, the Food and Drug Administration (FDA) released the December 2024 bulletin, “Important Information for Blood Establishments Regarding Cybersecurity Resiliency.” In this bulletin, the FDA notes two considerations that become more complicated when incorporating Internet of Things (IoT) devices:
- Establishing, maintaining, and following standard operating procedures (SOPs) for preventing and mitigating cybersecurity incidents.
- Using the Department of Health and Human Services (HHS) Cybersecurity Performance Goals (CPGs) to implement high-impact cybersecurity practices.
To enhance security, blood centers should consider whether their current security tools and monitoring enable them to mitigate risks arising from IoT devices.
How is IoT Improving Blood Product Management?
As with other areas of healthcare, IoT devices and sensors have improved the storage and transportation of blood products.
Some examples of automated blood bank systems that leverage IoT devices include:
- Plasma apheresis systems: separate donated blood components, like red blood cells, white blood cells, platelets, or plasma, and then return the other components to the donor.
- Centrifuges: to separate donated blood into components after collection
- Platelet incubators: to maintain ideal temperature and prevent clumping
- Blood distribution refrigerators: to maintain, monitor, and alert to changes in the temperature of stored blood product
- Transport coolers: to maintain consistent temperature for short-term storage and transportation
These IoT devices enable blood centers to improve patient care and operations by:
- Reducing time to return blood tests and screenings
- Enhancing productivity with the ability to automate tasks
- Reducing human error risks related to handling materials and transcribing data
- Collecting data to reduce waste and identify potential donors more efficiently
- Increasing the amount of specific blood product types that can be donated
Why do Blood Centers Struggle to Manage IoT Device Security?
While IoT improves data collection, preservation, and transportation, it also creates new access points attackers can use to gain unauthorized access to systems, networks, and data. Blood centers struggle to secure these devices for several reasons, including:
- Lack of visibility: Identifying, categorizing, and monitoring all connected IoT devices is difficult since they may connect to and disconnect from networks intermittently, leading to shadow IT issues.
- Lack of standardized security requirements: No standards for IoT device security exist, meaning that blood centers rely on manufacturers to determine baseline security.
- Failure of traditional security tools: Enterprise IT tools, like active vulnerability scanners, send requests when testing devices for vulnerabilities, and those requests can disrupt IoT connectivity and cause business disruption.
- Lack of security updates: Manufacturers may not provide timely updates to the IoT devices’ firmware, so organizations may need to implement compensating controls.
How the FDA Recommends Blood Centers Can Improve IoT Cybersecurity in 2025
The FDA bulletin starts by suggesting that blood establishments consider measures that prevent or mitigate cybersecurity incidents in the Standard Operating Procedures (SOPs) required by 21 CFR 606.100. Under the Biologics subchapter of Current Good Manufacturing Practice for Blood and Blood Components, blood centers must have written standard operating procedures for all steps in the collection, processing, compatibility testing, storage, and distribution of blood and blood components.
Without IoT security incorporated into an organization’s plan for maintaining operations across the 22 subparagraphs, a cyberattack can compromise the organization’s compliance with 21 CFR 606.100. To help align cybersecurity best practices with the rest of the healthcare industry, the FDA suggests that blood establishments map their controls and capabilities to the ten Essential Goals set out in the CPGs:
- Mitigate known vulnerabilities of organizational networks
- Ensure email security
- Use multi-factor authentication
- Provide basic cybersecurity training
- Use strong encryption
- Revoke credentials for departing staff
- Perform basic incident planning and preparedness
- Utilize unique credentials
- Separate user and privileged accounts
- Maintain vendor/supplier cybersecurity requirements
To incorporate IoT into these activities, organizations need a purpose-built solution, like Asimily, that responds to the unique technological requirements of and security issues with these devices.
Identify and Inventory Assets
Before an organization can engage in the CPG Essential Goals, it needs to know, inventory, and assess risk arising from the devices connected to its networks.
Asimily’s passive monitoring technologies review network traffic and collect information from traffic flows without sending tests that can take IoT devices offline. With Asimily, blood centers can detect and fingerprint their IoT devices using the following information:
- Hardware: manufacturer, model, serial number
- Software: operating system, version, firmware revisions
- Device type and function
- Security assessment: vulnerabilities and risks
Further, with our platform, blood centers can identify software applications running on the network by inspecting packets rather than initiating traffic and analyzing the responses. This enables safe, real-time:
- Device behavior analysis
- Risk assessment
- Threat detection
- Remediation
Identify Vulnerabilities, Suggest and Prioritize Simple Remediation Actions
With a comprehensive asset inventory, blood centers can begin to mature their overarching security. Attackers often exploit vulnerabilities as a way to gain unauthorized access to systems and networks. However, the risk that an individual vulnerability poses is contextual. For example, a device on a subnet with one other device poses a different risk than a device on a subnet with 100 devices.
Asimily’s patented engine uses this context when prioritizing vulnerabilities by aggregating and analyzing:
- Security data that the manufacturer supplies
- Open-source software components that developers used
- Vulnerability criticality
- Attacker tactics, techniques, and procedures (TTPs) that can use the vulnerability
By correlating this data, organizations can identify and prioritize high-risk devices that attackers are more likely to exploit.
Asimily also provides various remediations beyond updating the firmware, including:
- Deactivating unneeded services that won’t impact clinical function
- Using a Network Access Control (NAC) tool to block risky ports
- Hardening vulnerable devices by altering their configurations
- Implementing micro-segmentation for devices whose clinical function would be impaired by altering configurations
With actionable, simple recommendations, security and IT teams can improve security without relying solely on complex network configurations.
Improve Incident Detection, Response, and Forensics
To implement the appropriate SOPs around cybersecurity and business disruption, blood centers need to include IoT devices as part of their threat detection and incident response plans. When security teams can detect anomalous behavior, they can trigger their incident response plans faster, like identifying communications with foreign IP addresses that could be malicious command and control (C2) servers.
Asimily’s purpose-built IoT security and monitoring solution ensures that security and IT teams are effectively and efficiently collaborating. With Asimily, blood centers can leverage:
- Policy management: Setting granular policies that integrate with the organization’s security information and event management (SIEM) tool to alert teams to specific incidents, and tailoring policies to particular IoT device attributes
- Packet capture: Continuously capturing data on an arbitrary or preprogrammed interval to aid detection and investigation, inform security teams more accurately, and improve due diligence
- Forensic analysis: Facilitating and accelerating the investigation process by collecting and analyzing raw network traffic
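The detection step described in this section, sketched as an added example (not Asimily's code and not part of the original article): it reads passively collected flow records and flags sources missing from the asset inventory, plus inventoried devices contacting external addresses outside their expected destinations. The inventory, allowlists, addresses, and flow-record layout are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: everything in 10.0.0.0/8 is the blood center's own network.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]
# Constructed inventory: device IP -> (device type, expected external networks).
INVENTORY = {
    "10.20.1.11": ("blood distribution refrigerator", ["198.51.100.0/24"]),
    "10.20.1.12": ("platelet incubator", []),
    "10.20.1.13": ("plasma apheresis system", ["198.51.100.0/24"]),
}
# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port, bytes_out).
FLOWS = [
    ("2025-01-10T02:00:00Z", "10.20.1.11", "198.51.100.7", 443, 1200),
    ("2025-01-10T02:00:05Z", "10.20.1.12", "10.20.1.1", 123, 90),
    ("2025-01-10T02:01:00Z", "10.20.1.12", "203.0.113.50", 8443, 400),
    ("2025-01-10T02:06:00Z", "10.20.1.12", "203.0.113.50", 8443, 410),
    ("2025-01-10T02:03:00Z", "10.20.1.13", "198.51.100.9", 443, 5000),
    ("2025-01-10T02:04:00Z", "10.20.1.99", "10.20.1.11", 502, 60),
]

def in_any(ip, networks):
    return any(ip in net for net in networks)

def detect(flows, inventory=INVENTORY):
    """Flag uninventoried internal sources and off-baseline external peers."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None, "ports": set()})
    for ts, src, dst, port, _bytes in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not in_any(src_ip, INTERNAL):
            continue  # only outbound/lateral traffic from our own network
        allowed = [ipaddress.ip_network(n) for n in inventory.get(src, ("", []))[1]]
        if src not in inventory:
            kind = "unknown_device"       # visibility gap / shadow IT
        elif in_any(dst_ip, INTERNAL + allowed):
            continue                      # expected peer
        else:
            kind = "unexpected_external"  # candidate for C2 triage
        h = hits[(kind, src, dst)]
        h["count"] += 1
        h["ports"].add(port)
        h["first_seen"] = min(ts, h["first_seen"] or ts)
    return [{"kind": k, "src": s, "dst": d,
             "device": inventory.get(s, ("unmanaged",))[0], "count": h["count"],
             "first_seen": h["first_seen"], "ports": sorted(h["ports"])}
            for (k, s, d), h in sorted(hits.items())]

if __name__ == "__main__":
    for alert in detect(FLOWS):
        print(alert)
```

Each alert carries the device type from the inventory, so a responder can tell at a glance that the repeated outbound connection came from a platelet incubator with no expected external peers.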
Asimily for Blood Establishment IoT Security
With Asimily’s patented vulnerability capabilities, you gain holistic visibility into all medical devices connected to your networks so that your IT and security teams can begin working toward a comprehensive security program.
Blood centers can efficiently identify high-risk vulnerabilities with our proprietary, patented algorithm that cross-references vast amounts of data from resources like Manufacturer Disclosure Statements for Medical Device Security (MDS2s), Software Bills of Materials (SBOMs), Common Vulnerabilities and Exposures (CVE) lists, the MITRE ATT&CK Framework, and NIST Guidelines. It understands your unique environment, so our deep contextual recommendation engine can provide real-time, actionable remediation steps to reduce risk and save time.
To learn how Asimily can help you manage your IoT device fleet’s security, contact us today.