In the face of a devastating cyberattack that threatened the provision of life-saving care by the Western Cape Blood Service (WCBS), technology partner Dimension Data stepped in to swiftly assist in the recovery process. Through its expertise, Dimension Data played a crucial role in restoring WCBS’s essential systems ensuring the continuity of critical medical services.
Around four o’clock in the morning, the Western Cape Blood Service’s (WCBS) Head of IT received a phone call informing them that its systems were not functioning. It was revealed that a cyberattack had occurred, preventing access to the system by encrypting workstations and disabling servers.
While an attack like this is any company’s nightmare, in this instance it was a threat to lifesaving care for thousands of people.
The WCBS holds a unique position as the sole provider of blood products in the region, supplying approximately 7,000 units per month. Its technology plays a vital role in ensuring that the correct patient receives the appropriate blood product when needed, while also maintaining the highest standards of safety for the blood supply.
The attack had a significant impact on the systems responsible for tracking blood from the veins of volunteer donors to the veins of patients. This disruption not only affected personal and health records but also prevented the service’s laboratories from conducting automated batch blood testing.
Although manual testing is possible as an alternative, it introduces considerable delays and lacks the inherent safeguards provided by the digital system.
Paying the hackers to regain access and rewarding their criminal actions was never considered as a viable option. Instead, the primary focus was directed towards recovering the systems that are essential for its medical services and restoring them as quickly as possible.
“It was quite frightening because I was worried about operational paralysis – that we would not be able to do what we need to do as a blood service for the next hours or perhaps days. It was also a little confusing why any entity thought it was a good idea to ransomware or cyberattack a non-profit entity that’s doing good,” said Dr Gregory Bellairs, CEO and Medical Director, WCBS.
Jacques Breslaw, Head of IT, WCBS, said: “If you haven’t been through something before, you think you know what to do. But when you bring in Dimension Data, they have done it before, and that just helps you recover so much quicker.”
When the cyberattack took place, Dimension Data and WCBS did not have an official contractual relationship in place. However, they had collaborated previously, and Dimension Data had generously provided some information security services to WCBS in the past. Given this prior working relationship, WCBS saw Dimension Data as the logical choice to seek assistance from to handle the crisis.
Dimension Data promptly assembled a team and took immediate action by first cutting off Internet access and isolating machines. The subsequent steps focused on containing the damage caused by the cyberattack and initiating the process of recovering the environment.
Furthermore, WCBS implemented CrowdStrike, a cutting-edge antivirus solution, which played a vital role in maintaining and managing its environment. This step was crucial in enhancing its system’s security and protecting it from future threats.
CrowdStrike, on request from Dimension Data, donated licenses to WCBS for a period of time to assist with containment and recovery. This was followed by a forensic investigation to identify the full extent of the attack.
The forensic investigations meticulously traced the precise details of how the attack unfolded. Fortunately, this valuable information can now be leveraged to prepare for and, hopefully, prevent future attacks.
Dimension Data and WCBS collaborated closely throughout the investigation process and jointly worked towards recovering from the attack. The core systems crucial to WCBS’s medical services were successfully restored and operational within a short span of just 36 hours following the cyberattack.
The cyberattack had a severe impact on WCBS’s ability to utilize its technology for ensuring the safe delivery of the appropriate blood product to the intended recipient in a timely manner. By encrypting workstations and disabling servers, the attack effectively blocked access to the organisation’s technology infrastructure and disrupted its core operations.
An attack of this nature is a nightmare for any organisation, but in this specific case, it posed a direct threat to the provision of life-saving care for thousands of individuals. WCBS holds a critical position as the sole provider of blood products in the region.
The cyberattack had a detrimental effect on WCBS’s service laboratories, rendering them unable to perform automated batch blood testing. While manual testing could be done as an alternative, it introduced significant delays in the process. Additionally, the attack temporarily disrupted the systems responsible for tracking blood from the veins of volunteer donors to the veins of patients, further impacting the efficiency and accuracy of the blood supply chain.
We asked Jacques Breslaw, Head of IT, Western Cape Blood Service, further questions to find out more.
Can you describe how the partnership with Dimension Data helped Western Cape Blood Service in recovering from the cyberattack?
At the time of the cyberattack, Dimension Data and the WCBS didn’t have a formal relationship with contracts in place. We had worked together in the past and Dimension Data had even donated some information security services to us. They seemed like the natural choice to reach out to for assistance in dealing with the crisis.
How did Dimension Data’s expertise and experience in managing cyberattacks benefit WCBS during the recovery process?
If you haven’t been through something before, you think you know what to do. But when you bring in Dimension Data, they have done it before. Their guidance and support helped us contain the attack and recover so much quicker.
What were the key technologies or solutions provided by Dimension Data that helped WCBS in managing the cyberattack?
Dimension Data quickly put a team together and started with cutting Internet access and isolating machines. The next steps were to contain the damage and recover the environment. In addition, we implemented CrowdStrike – a next-generation antivirus solution, which is an important part of maintaining and managing the environment. CrowdStrike (on request from Dimension Data) donated licenses to WCBS for a period of time to assist with the containment and recovery. This was followed by a forensic investigation to identify the full extent of the attack.
Can you explain how the forensic investigation conducted by Dimension Data helped WCBS to prevent future attacks?
Forensic investigations tracked exactly how the attack happened. This information can be used to prepare for, and hopefully prevent, future attacks.
How long did it take for WCBS to recover its systems after the cyberattack, and how did Dimension Data contribute to this timeline?
Dimension Data and the WCBS worked together to investigate the attack and recover from it. The core systems that underpin our medical services were up and running again just 36 hours after the attack.
In what ways did the cyberattack disrupt WCBS’s operations?
The cyberattack blocked access to the technology the organisation uses to safely get the right blood product to the right person at the right time. The cyberattack had blocked access to the environment by encrypting workstations and taking out servers.
While an attack like this is any company’s nightmare, in this instance it was a threat to lifesaving care for thousands of people. The WCBS is the only source of blood products in the region and issues about 7,000 units a month. Our technology ensures that the right patient gets the right blood product at the right time and that the blood is safe.
The attack prevented our service’s laboratories from doing automated, batch blood testing. While these tests can be done manually, the manual process causes significant delays. The attack also temporarily disrupted the systems that track blood from the volunteer donor’s vein to the patient’s vein.