Brockton Hospital Ransomware Attack: Downtime Procedures to Continue for Two Weeks
Brockton Hospital in Massachusetts is continuing to grapple with a cybersecurity incident that took many of its electronic systems offline on April 6, 2026, and forced the hospital to divert ambulances to alternate facilities and cancel scheduled cancer treatments. An investigation into the cyberattack is ongoing, and the hospital is working with federal and state officials. While some systems have been brought back online, the hospital is continuing to use its downtime procedures, with staff members working off paper rather than computers. A Signature Healthcare spokesperson told Boston 25 News that the hospital would continue under downtime procedures for the next two weeks.
Signature Healthcare has been providing updates on the attack and recovery, and on April 10, 2026, said care continues to be provided to patients at the hospital, although there have been some disruptions to certain patient services. Lab work and medical testing are continuing, but there may be delays, and the patient portal system remains offline. The hospital is still unable to fill new prescriptions, and cannot currently fulfil requests for medical records. Inpatient food services are continuing, although special food requests for patients with dietary restrictions cannot currently be accommodated.
The Anubis ransomware-as-a-service group claimed responsibility for the attack. Anubis engages in double extortion, stealing data and encrypting files. A ransom must be paid to prevent the release of stolen data and obtain the keys to recover encrypted files. According to SuspectFile, which was contacted by a member of the Anubis group, files were encrypted in the attack. The Anubis spokesperson told SuspectFile that only non-critical systems were encrypted, and 2TB of data was stolen in the attack, including a large volume of patient data.
Anubis is attempting to pressure Signature Healthcare into paying the ransom by adding the hospital to its data leak site, along with a countdown clock when the stolen data will be published. Signature Healthcare has yet to confirm the extent of data theft, which may not be known for some time. The priority continues to be patient care, remediating the attack, and bringing systems back online when it is safe to do so.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Signature Healthcare has confirmed that ambulances are no longer being diverted. “Needless to say, our priority is to ensure that all patients receive the highest caliber healthcare, particularly anyone experiencing a medical emergency,” Signature Health CEO Bob Haffey said. “We have reached this important milestone in system recovery and restoration of services after the cyber incident as a direct result of the round-the-clock work of our staff, particularly our IT teams, clinical staff, and operational leaders.”
April 8, 2026: Ambulances Diverted from Brockton Hospital While Signature Healthcare Deals with Cyberattack
Signature Healthcare’s Brockton Hospital in Massachusetts is grappling with a cyberattack and has implemented its downtime procedures while the incident is investigated. Some procedures have been temporarily cancelled, and the electronic medical record system and patient portal have been taken offline.
Signature Healthcare treats around 70,000 patients a year in Southeastern Massachusetts at its 216-bed Brockton Hospital, and the 15 care locations served by Signature Medical Group. The cybersecurity incident was detected on April 6, 2026, which impacted its information systems. The emergency room was placed on divert, with ambulances sent to alternate facilities due to the inability to access key information technology systems, although emergency services continued to be provided to walk-ins.
While the hospital continued to provide inpatient services and surgeries were proceeding without interruption, patients faced delays and some services were postponed, including chemotherapy infusions at the Greene Cancer Center, which were cancelled on April 7. Signature Healthcare partially closed its Brockton and East Bridgewater pharmacies, with consultations still taking place but prescriptions unable to be filled.
Signature Healthcare issued a statement confirming that surgeries and procedures were continuing, that its ambulatory physician practices and urgent care facilities remained open. Without access to certain information systems, alternative methods of documentation were being used, and there were naturally some delays to patient care as a result.
Signature Healthcare said it is working with third-party cybersecurity specialists and federal officials to investigate the incident, determine the nature and scope of the unauthorized activity, and identify the source of the intrusion. “Our care teams continue to provide high-quality care using established downtime procedures. We remain committed to serving our community throughout this process,” Kim Walsh, Signature Healthcare’s chief operating officer, said.
The priority is ensuring high-quality care continues to be provided to patients while the incident is investigated. Systems will be brought back online when it is safe to do so, and as the investigation progresses, it will become clear to what extent, if any, patient data has been compromised. On April 8, when this article was posted, no threat actor had claimed responsibility for the incident; however, on Thursday 9, the Anubis ransomware group took credit for the attack, although no data appears to have been leaked so far.
There is usually a lag between an attack taking place and the victim being added to a data leak site, as the threat actor typically gives the victim time to make contact and negotiate payment. For a group to claim responsibility so quickly suggests that Signature Healthcare has made contact and likely made it clear that payment would not be forthcoming. Anubis claims to have exfiltrated a huge amount of data – 2 TB, including sensitive patient data.
