NYBC
Company Details
Linkedin ID:
new-york-blood-center
Website:
Employees number:
1,051
Number of followers:
10,110
NAICS:
62
Industry Type:
Homepage:
nybc.org
IP Addresses:
0
Company ID:
NEW_2781146
Scan Status:
In-progress
New York Blood Center Company CyberSecurity Posture
nybc.org
Founded in 1964, New York Blood Center (NYBC) is a nonprofit organization that is one of the largest independent, community-based blood centers in the world. NYBC, along with its partner organizations Community Blood Center of Kansas City, Missouri (CBC), Innovative Blood Resources (IBR), Blood Bank of Delmarva (BBD), and Rhode Island Blood Center (RIBC), collect approximately 4,000 units of blood products each day and serve local communities of more than 45 million people in the Tri-State area (NY, NJ, CT), Mid Atlantic area (PA, DE, MD), the Kansas City metropolitan area, Minnesota, Nebraska, Rhode Island, and Southern New England. NYBC and its partners also provide a wide array of transfusion-related medical services, including Comprehensive Cell Solutions, the National Center for Blood Group Genomics, the National Cord Blood Program, and the Lindsley F. Kimball Research Institute, which — among other milestones — developed the Hepatitis B vaccine and a patented solvent detergent plasma process innovating blood-purification technology worldwide.
New York Blood Center A.I CyberSecurity Scoring
NYBC Risk Score (AI oriented)Between 0 and 549
NYBC
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
NYBC Global Score (TPRM)XXXX
NYBC
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
NYBC Company CyberSecurity News & History
Past Incidents
5
Attack Types
2
New York Blood Center
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The New York Blood Center, a major U.S. blood bank, suffered a cyberattack in late January where hackers infiltrated its systems and exfiltrated sensitive donor data. The breach exposed records of nearly **194,000 blood donors**, including **medical histories, screening details, and infectious disease test results**. While the organization contained the threat and maintained operational continuity (blood collections, donor centers, and hospital services remained active), the incident triggered legal action from affected donors seeking **10 years of credit monitoring and monetary fines**. The attack underscores the healthcare sector’s vulnerability, following high-profile ransomware incidents like the **Change Healthcare breach (190M records)**. New York’s recent cybersecurity mandates for hospitals (72-hour breach reporting, enhanced protections) do not cover blood centers, highlighting regulatory gaps. The financial and reputational fallout remains significant, given the center’s **$600M annual revenue** and role in supplying **400+ hospitals** daily.
New York Blood Center Enterprises (NYBCe)
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: In January 2025, New York Blood Center Enterprises (NYBCe) suffered a data breach exposing the personal and sensitive information of **193,822 individuals**. The compromised data included **names, Social Security numbers, state-issued IDs (e.g., driver’s licenses), bank account details (for direct deposit participants), health information, and test results**. An unauthorized party accessed NYBCe’s network between **January 20–26, 2025**, acquiring copies of internal files. While no cybercriminal group has publicly claimed responsibility, the breach forced NYBCe to take immediate containment measures to mitigate disruption to critical blood and medical services. The organization is offering affected individuals **free credit and identity monitoring** via Experian. The incident ranks as the **fourth-largest healthcare breach of 2025** in the U.S. by records compromised. NYBCe, a nonprofit serving over **75 million patients** across 600+ hospitals, did not disclose whether ransomware was involved or if a ransom was paid.
New York Blood Center (NYBC)
Ransomware
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The New York Blood Center, a key non-profit blood bank in operation since 1964, supplies vital blood resources to around 200 hospitals in the Northeast United States. An unfortunate ransomware attack disrupted their IT systems, leading to appointment rescheduling. This incident occured at a critical moment when the NYBC was already facing a blood emergency due to declining donations and a concurrent rise in COVID cases. The attack's timing aggravated their operational challenges, although the extent of data compromise and its direct effects on patients or blood donors remain unclear.
New York Blood Center
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: New York Blood Center, one of the largest independent blood centers in the U.S. serving over 75 million people, suffered a ransomware attack in January 2024. Hackers accessed its network between January 20 and 26, exfiltrating sensitive data before deploying ransomware. The breach compromised **patient data** (names, health information, test results) and **employee information** (Social Security numbers, driver’s licenses, government IDs, and financial account details for current/former staff). Over **10,557 Texas residents** were confirmed affected, though total victim counts remain undisclosed. The organization, which supplies ~4,000 blood units daily to 400+ hospitals, also had **clinical data** tied to services like apheresis, cell therapy, and diagnostic testing exposed. The attack disrupted operations, required a months-long investigation (concluded June 30), and triggered regulatory notifications. The incident aligns with a broader trend of ransomware targeting blood service providers, including OneBlood and Synnovis.
New York Blood Center
Ransomware
Rankiteo Explanation
Attack threatening the organization’s existence
Description: The New York Blood Center (NYBC) experienced a ransomware attack leading to the disruption of its operations, including the rescheduling of appointments. While the center continues to accept blood donations, processing times may be delayed. The attack's timing exacerbated the already critical situation due to a recent blood emergency declared following a decline in donations and a rise in COVID cases. There has been no confirmation about the exfiltration of sensitive data, and restoration efforts for affected systems are ongoing without a specified timeline for full recovery.
NYBC Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for NYBC
Incidents vs Hospitals and Health Care Industry Average (This Year)
New York Blood Center has 294.74% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
New York Blood Center has 368.75% more incidents than the average of all companies with at least one recorded incident.
Incident Types NYBC vs Hospitals and Health Care Industry Avg (This Year)
New York Blood Center reported 3 incidents this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 2 data breaches, compared to industry peers with at least 1 incident.
Incident History — NYBC (X = Date, Y = Severity)
NYBC cyber incidents detection timeline including parent company and subsidiaries
NYBC Company Subsidiaries
Founded in 1964, New York Blood Center (NYBC) is a nonprofit organization that is one of the largest independent, community-based blood centers in the world. NYBC, along with its partner organizations Community Blood Center of Kansas City, Missouri (CBC), Innovative Blood Resources (IBR), Blood Bank of Delmarva (BBD), and Rhode Island Blood Center (RIBC), collect approximately 4,000 units of blood products each day and serve local communities of more than 45 million people in the Tri-State area (NY, NJ, CT), Mid Atlantic area (PA, DE, MD), the Kansas City metropolitan area, Minnesota, Nebraska, Rhode Island, and Southern New England. NYBC and its partners also provide a wide array of transfusion-related medical services, including Comprehensive Cell Solutions, the National Center for Blood Group Genomics, the National Cord Blood Program, and the Lindsley F. Kimball Research Institute, which — among other milestones — developed the Hepatitis B vaccine and a patented solvent detergent plasma process innovating blood-purification technology worldwide.
Loading...
NYBC Similar Companies
Headquartered in Utah with locations in six primary states and additional operations across the western U.S., Intermountain Health is a nonprofit system of 33 hospitals, 400+ clinics, a medical group of more than 4,800 employed physicians and advanced care providers, a health plan division called Se
OhioHealth
OhioHealth is a nationally recognized, not-for-profit, faith-based health system of more than 35,000 associates, providers and volunteers. We lead with our mission to improve the health of those we serve throughout our 16 hospitals and 200+ urgent, primary and specialty care sites spanning 50 Ohio c
The Netcare Group (JSE: NTC) offers a unique, comprehensive range of medical services across the healthcare spectrum, enabling us to serve the health and care needs of each individual who entrust their care to us. Our focus on implementing sophisticated digital systems will enable us to provide care
Rochester Regional Health
Rochester Regional Health, headquartered in Rochester, NY, is an integrated health services organization serving the people of Western New York, the Finger Lakes, St. Lawrence County, and beyond. We are dedicated to helping our community stay healthy and live fulfilling lives. Together, we find the
DaVita means “to give life,” reflecting our proud history as leaders in dialysis—an essential, life-sustaining treatment for those living with end stage kidney disease (ESKD). Today, our mission is to minimize the devastating impacts of kidney disease across the full spectrum of kidney health care.
Banner Health
Headquartered in Arizona, Banner Health is one of the largest nonprofit health care systems in the country. The system owns and operates 33 acute-care hospitals, Banner Health Network, Banner – University Medicine, academic and employed physician groups, long-term care centers, outpatient surgery ce
Ramsay Health Care
Ramsay Health Care is a trusted provider of private hospital and healthcare services in Australia, Europe and the United Kingdom. Every year, millions of patients put their trust in Ramsay, confident in our ability to deliver safe, high-quality healthcare with outstanding clinical outcomes. We ope
Atrium Health
Atrium Health, part of Advocate Health, is redefining how, when and where care is delivered. We are rethinking methods of care delivery to reach more people and bringing human kindness to every step of their health journey. Our dedication to elevating health care for every individual, every teammate
Corewell Health
People are at the heart of everything we do, and the inspiration for our legacy of outstanding outcomes, innovation, strong community partnerships, philanthropy and transparency. Corewell Health is a not-for-profit health system that provides health care and coverage with an exceptional team of 65,0
.png)
NYBC CyberSecurity News
November 24, 2025 06:11 AM
Blood donation giant warns of issues following ransomware attack
New York Blood Center confirms suffering a ransomware attack, tells donors to stay away.
October 14, 2025 07:00 AM
SimonMed discloses 1.27M-record healthcare data breach
Radiology practice SimonMed disclosed a large healthcare data breach that was claimed by the Medusa ransomware group.
October 12, 2025 07:00 AM
How New York State can guard its cyber borders
As New York's attorney general, my top priority was protecting consumers from fraud, scams, and corporate misconduct.
September 29, 2025 07:00 AM
25 Recent Cyber Attacks That Serve as a Wake-Up Call for Businesses
Cyberattacks in 2025 have hit airlines, automakers, banks, and even city services, causing major disruptions and exposing sensitive data.
September 26, 2025 07:00 AM
New York Blood Center faces lawsuits after data breach exposed 194K donors
Blood donors from other states are suing the New York Blood Center for failing to promptly notify them about a cyberattack that compromised...
September 20, 2025 07:00 AM
New York Blood Center confirms it notified 194k people of data breach
New York Blood Center (NYBCe) Enterprises has confirmed that it had notified 193,822 people of a data leak in a January 2025 breach.
September 20, 2025 07:00 AM
North Carolina healthcare center informs 456K people of data breach
Goshen Medical Center has started informing 456385 people that their data has been accessed in a cyberattack.
September 19, 2025 07:00 AM
Major blood center says data leaked in ransomware attack
Major ransomware attack on New York Blood Center exposed sensitive patient and employee data, highlighting security gaps in healthcare.
September 18, 2025 07:00 AM
New York Blood Center data breach sees 200,000 affected - and you might not even know you've been hit
NYBCE suffered a cyberattack in January 2025, exposing sensitive patient and financial data; Victims may include those with SSNs,...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
NYBC CyberSecurity History Information
Official Website of New York Blood Center
The official website of New York Blood Center is http://www.nybloodcenter.org.
New York Blood Center’s AI-Generated Cybersecurity Score
According to Rankiteo, New York Blood Center’s AI-generated cybersecurity score is 460, reflecting their Critical security posture.
How many security badges does New York Blood Center’ have ?
According to Rankiteo, New York Blood Center currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does New York Blood Center have SOC 2 Type 1 certification ?
According to Rankiteo, New York Blood Center is not certified under SOC 2 Type 1.
Does New York Blood Center have SOC 2 Type 2 certification ?
According to Rankiteo, New York Blood Center does not hold a SOC 2 Type 2 certification.
Does New York Blood Center comply with GDPR ?
According to Rankiteo, New York Blood Center is not listed as GDPR compliant.
Does New York Blood Center have PCI DSS certification ?
According to Rankiteo, New York Blood Center does not currently maintain PCI DSS compliance.
Does New York Blood Center comply with HIPAA ?
According to Rankiteo, New York Blood Center is not compliant with HIPAA regulations.
Does New York Blood Center have ISO 27001 certification ?
According to Rankiteo,New York Blood Center is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of New York Blood Center
New York Blood Center operates primarily in the Hospitals and Health Care industry.
Number of Employees at New York Blood Center
New York Blood Center employs approximately 1,051 people worldwide.
Subsidiaries Owned by New York Blood Center
New York Blood Center presently has no subsidiaries across any sectors.
New York Blood Center’s LinkedIn Followers
New York Blood Center’s official LinkedIn profile has approximately 10,110 followers.
NAICS Classification of New York Blood Center
New York Blood Center is classified under the NAICS code 62, which corresponds to Health Care and Social Assistance.
New York Blood Center’s Presence on Crunchbase
No, New York Blood Center does not have a profile on Crunchbase.
New York Blood Center’s Presence on LinkedIn
Yes, New York Blood Center maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/new-york-blood-center.
Cybersecurity Incidents Involving New York Blood Center
As of December 02, 2025, Rankiteo reports that New York Blood Center has experienced 5 cybersecurity incidents.
Number of Peer and Competitor Companies
New York Blood Center has an estimated 30,278 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at New York Blood Center ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach and Ransomware.
How does New York Blood Center detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an remediation measures with restoration efforts ongoing, and and communication strategy with notification letters (mailed starting 2024-09-05), communication strategy with website notice, communication strategy with dedicated call center, and and third party assistance with experian (credit/identity monitoring), and containment measures with immediate actions to contain the threat and reduce disruption, and communication strategy with public notice to victims; free credit/identity monitoring offered; call-in verification for affected patients, and and third party assistance with legal partners, third party assistance with forensic partners, and containment measures with immediate actions taken to contain the threat, and communication strategy with notifying affected donors as required by law..
Incident Details
Can you provide details on each incident ?
Title: Ransomware Attack on New York Blood Center
Description: The New York Blood Center (NYBC) experienced a ransomware attack leading to the disruption of its operations, including the rescheduling of appointments. While the center continues to accept blood donations, processing times may be delayed. The attack's timing exacerbated the already critical situation due to a recent blood emergency declared following a decline in donations and a rise in COVID cases. There has been no confirmation about the exfiltration of sensitive data, and restoration efforts for affected systems are ongoing without a specified timeline for full recovery.
Type: Ransomware
Title: Ransomware Attack on New York Blood Center
Description: The New York Blood Center, a key non-profit blood bank in operation since 1964, supplies vital blood resources to around 200 hospitals in the Northeast United States. An unfortunate ransomware attack disrupted their IT systems, leading to appointment rescheduling. This incident occurred at a critical moment when the NYBC was already facing a blood emergency due to declining donations and a concurrent rise in COVID cases. The attack's timing aggravated their operational challenges, although the extent of data compromise and its direct effects on patients or blood donors remain unclear.
Type: Ransomware
Title: Ransomware Attack on New York Blood Center
Description: One of the largest independent blood centers serving over 75 million people across the U.S. suffered a ransomware attack in January 2024. Hackers accessed the network between January 20 and 26, exfiltrating patient and employee data before deploying ransomware. The stolen information included names, health data, test results, Social Security numbers, driver’s licenses, government IDs, and financial account information for some current and former employees. Notification letters were mailed to victims starting September 5, 2024.
Date Detected: 2024-01-26
Date Publicly Disclosed: 2024-09-05
Date Resolved: 2024-06-30
Type: ransomware
Title: New York Blood Center Enterprises Data Breach (January 2025)
Description: New York Blood Center Enterprises (NYBCe) confirmed a data breach in January 2025 that exposed personal information of 193,822 individuals, including names, Social Security numbers, state-issued ID numbers, bank account info (for direct deposit participants), health information, and test results. The breach occurred between January 20 and January 26, 2025, when an unauthorized party accessed the network and acquired copies of files. No cybercriminal group has publicly claimed responsibility. NYBCe took immediate containment actions and offered free credit/identity monitoring to victims via Experian.
Date Detected: 2025-01-26
Type: Data Breach
Title: Cyberattack on New York Blood Center Exposes Donor Data
Description: The New York Blood Center, one of the largest blood banks in the U.S., suffered a cyberattack in late January 2024. Hackers breached its systems and copied donor information, exposing data from nearly 194,000 blood donors nationwide, including medical and infectious disease test results. The incident has led to class-action lawsuits seeking credit monitoring and monetary fines. The organization is investigating with legal and forensic partners while continuing normal operations.
Date Detected: late January 2024
Type: data breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Impact of the Incidents
What was the impact of each incident ?
Incident : Ransomware NEW000020225
Data Compromised: No confirmation
Systems Affected: Operational systems
Downtime: Ongoing
Operational Impact: Rescheduling of appointments, delayed processing times
Incident : Ransomware NEW000020925
Systems Affected: IT systems
Operational Impact: Appointment rescheduling
Incident : Data Breach NEW3292232091725
Systems Affected: Internal computer systems
Operational Impact: Disruption to critical services (reduced via containment)
Brand Reputation Impact: Potential reputational harm due to exposure of sensitive health and financial data
Identity Theft Risk: High (SSNs, bank account info, and health data exposed)
Payment Information Risk: Moderate (bank account info for direct deposit participants)
Incident : data breach NEW3192731092625
Data Compromised: Donor medical information, Infectious disease test results
Systems Affected: computer systems
Operational Impact: minimal (operations continued as normal)
Brand Reputation Impact: potential damage (class-action lawsuits filed)
Legal Liabilities: class-action lawsuitspotential monetary fines
Identity Theft Risk: high (donor data exposed, credit monitoring sought)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Patient Names, Health Information, Test Results, Employee Social Security Numbers, Driver’S Licenses, Government Id Cards, Financial Account Information, Clinical Data From Healthcare Providers, , Names, Social Security Numbers, State-Issued Id Numbers (E.G., Driver’S License), Bank Account Information (Direct Deposit Participants), Health Information, Test Results, , Medical Information, Infectious Disease Test Results and .
Which entities were affected by each incident ?
Incident : Ransomware NEW000020225
Entity Name: New York Blood Center
Entity Type: Organization
Industry: Healthcare
Location: New York
Incident : Ransomware NEW000020925
Entity Name: New York Blood Center
Entity Type: Non-profit organization
Industry: Healthcare
Location: Northeast United States
Customers Affected: 200 hospitals
Incident : ransomware NEW4302343091025
Entity Name: New York Blood Center
Entity Type: non-profit organization
Industry: healthcare (blood services)
Location: New York, USA (serving nationwide)
Size: large (serves 75+ million people, 400+ hospitals)
Customers Affected: 10557
Incident : Data Breach NEW3292232091725
Entity Name: New York Blood Center Enterprises (NYBCe)
Entity Type: Non-profit organization
Industry: Healthcare (Blood/Stem Cell Services, Pharmaceuticals, Medical Testing)
Location: New York, USA
Size: 10 locations; collaborates with 600+ hospitals; served 75M+ patients
Customers Affected: 193,822 individuals
Incident : data breach NEW3192731092625
Entity Name: New York Blood Center
Entity Type: nonprofit blood bank
Industry: healthcare
Location: New York, USA
Size: large (one of the largest blood banks in the U.S.)
Customers Affected: 194,000 donors
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Ransomware NEW000020225
Remediation Measures: Restoration efforts ongoing
Incident : ransomware NEW4302343091025
Incident Response Plan Activated: True
Communication Strategy: notification letters (mailed starting 2024-09-05)website noticededicated call center
Incident : Data Breach NEW3292232091725
Incident Response Plan Activated: True
Third Party Assistance: Experian (Credit/Identity Monitoring).
Containment Measures: Immediate actions to contain the threat and reduce disruption
Communication Strategy: Public notice to victims; free credit/identity monitoring offered; call-in verification for affected patients
Incident : data breach NEW3192731092625
Incident Response Plan Activated: True
Third Party Assistance: Legal Partners, Forensic Partners.
Containment Measures: immediate actions taken to contain the threat
Communication Strategy: notifying affected donors as required by law
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Experian (credit/identity monitoring), , legal partners, forensic partners, .
Data Breach Information
What type of data was compromised in each breach ?
Incident : Ransomware NEW000020225
Data Exfiltration: No confirmation
Incident : ransomware NEW4302343091025
Type of Data Compromised: Patient names, Health information, Test results, Employee social security numbers, Driver’s licenses, Government id cards, Financial account information, Clinical data from healthcare providers
Number of Records Exposed: 10557
Sensitivity of Data: high (PII, PHI, financial data)
Data Encryption: True
Incident : Data Breach NEW3292232091725
Type of Data Compromised: Names, Social security numbers, State-issued id numbers (e.g., driver’s license), Bank account information (direct deposit participants), Health information, Test results
Number of Records Exposed: 193822
Sensitivity of Data: High (PII, financial, and health data)
Incident : data breach NEW3192731092625
Type of Data Compromised: Medical information, Infectious disease test results
Number of Records Exposed: 194,000
Sensitivity of Data: high (medical and personally identifiable information)
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Restoration efforts ongoing.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by immediate actions to contain the threat and reduce disruption and immediate actions taken to contain the threat.
Ransomware Information
Was ransomware involved in any of the incidents ?
Incident : Ransomware NEW000020225
Data Exfiltration: No confirmation
Incident : Data Breach NEW3292232091725
Data Exfiltration: True
Incident : data breach NEW3192731092625
Data Exfiltration: True
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : ransomware NEW4302343091025
Regulatory Notifications: MaineTexasNew HampshireCalifornia
Incident : Data Breach NEW3292232091725
Regulatory Notifications: Oregon Attorney General (193,822 victims reported)
Incident : data breach NEW3192731092625
Legal Actions: class-action lawsuits filed by donors,
Regulatory Notifications: donors notified as required by law
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through class-action lawsuits filed by donors, .
References
Where can I find more information about each incident ?
Incident : ransomware NEW4302343091025
Source: New York Blood Center website notice
Incident : ransomware NEW4302343091025
Source: Regulatory filings (Maine, Texas, New Hampshire, California)
Incident : Data Breach NEW3292232091725
Source: Comparitech
Incident : Data Breach NEW3292232091725
Source: New York Blood Center Enterprises Public Notice
Incident : data breach NEW3192731092625
Source: News article (unspecified)
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: New York Blood Center website notice, and Source: Regulatory filings (Maine, Texas, New Hampshire, California), and Source: Comparitech, and Source: New York Blood Center Enterprises Public Notice, and Source: News article (unspecified).
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Ransomware NEW000020225
Investigation Status: Ongoing
Incident : ransomware NEW4302343091025
Investigation Status: completed (as of 2024-06-30)
Incident : Data Breach NEW3292232091725
Investigation Status: Ongoing (as of publication)
Incident : data breach NEW3192731092625
Investigation Status: ongoing (with legal and forensic partners)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notification Letters (Mailed Starting 2024-09-05), Website Notice, Dedicated Call Center, Public notice to victims; free credit/identity monitoring offered; call-in verification for affected patients and Notifying Affected Donors As Required By Law.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : ransomware NEW4302343091025
Customer Advisories: notification letterswebsite noticecall center support
Incident : Data Breach NEW3292232091725
Stakeholder Advisories: Victims advised to call NYBCe to confirm data compromise; free credit/identity monitoring offered via Experian
Customer Advisories: Patients whose data was shared with NYBCe urged to verify exposure status via phone
Incident : data breach NEW3192731092625
Customer Advisories: letter sent to affected donors
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notification Letters, Website Notice, Call Center Support, , Victims advised to call NYBCe to confirm data compromise; free credit/identity monitoring offered via Experian, Patients whose data was shared with NYBCe urged to verify exposure status via phone, Letter Sent To Affected Donors and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : ransomware NEW4302343091025
Reconnaissance Period: 2024-01-20 to 2024-01-26
High Value Targets: Patient Data, Employee Records, Clinical Information,
Data Sold on Dark Web: Patient Data, Employee Records, Clinical Information,
Incident : data breach NEW3192731092625
High Value Targets: Donor Medical Data,
Data Sold on Dark Web: Donor Medical Data,
Post-Incident Analysis
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Experian (Credit/Identity Monitoring), , Legal Partners, Forensic Partners, .
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-01-26.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-09-05.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2024-06-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were No confirmation, , , donor medical information, infectious disease test results and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Internal computer systems and computer systems.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was experian (credit/identity monitoring), , legal partners, forensic partners, .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Immediate actions to contain the threat and reduce disruption and immediate actions taken to contain the threat.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were No confirmation, donor medical information and infectious disease test results.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 195.2K.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was class-action lawsuits filed by donors, .
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are New York Blood Center Enterprises Public Notice, News article (unspecified), Regulatory filings (Maine, Texas, New Hampshire, California), New York Blood Center website notice and Comparitech.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Victims advised to call NYBCe to confirm data compromise; free credit/identity monitoring offered via Experian, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an notification letterswebsite noticecall center support, Patients whose data was shared with NYBCe urged to verify exposure status via phone and letter sent to affected donors.
Initial Access Broker
What was the most recent reconnaissance period for an incident ?
Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was 2024-01-20 to 2024-01-26.
.png)
Latest Global CVEs (Not Company-Specific)
Description
vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named Nemotron_Nano_VL_Config. When vllm loads a model config that contains an auto_map entry, the config class resolves that mapping with get_class_from_dynamic_module(...) and immediately instantiates the returned class. This fetches and executes Python from the remote repository referenced in the auto_map string. Crucially, this happens even when the caller explicitly sets trust_remote_code=False in vllm.transformers_utils.config.get_config. In practice, an attacker can publish a benign-looking frontend repo whose config.json points via auto_map to a separate malicious backend repo; loading the frontend will silently run the backend’s code on the victim host. This vulnerability is fixed in 0.11.1.
Risk Information
cvss3
Base: 7.1
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Description
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain URL-holding attributes (e.g., those that could contain javascript: URLs) as requiring strict URL security, enabling the injection of malicious scripts. This vulnerability is fixed in 21.0.2, 20.3.15, and 19.2.17.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=new-york-blood-center' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
