Hospitals part of the Heywood Healthcare network in Massachusetts, are experiencing significant disruptions following a cyberattack detected in early October 2025. The intrusion, first identified during the week of October 12–13, prompted immediate action, including the shutdown of network systems to protect patient data and hospital operations. Both hospitals declared a “Code Black,” closing emergency departments to ambulance arrivals and rerouting emergency patients to neighboring facilities. Despite these challenges, both hospitals have continued to provide inpatient and outpatient care, emphasizing that patient safety remains the top priority.
Nature of the Cyberattack and Outstanding Unknowns
At this time, the exact nature of the cyberattack remains unclear. It is not known whether ransomware was involved, whether patient or sensitive hospital data was stolen or exposed, or who perpetrated the attack. No hacker group has claimed responsibility, and so far, there is no evidence of data being leaked on the darknet. Details on the total number of patients affected by care delays or the timeline for full system restoration are also unknown. Investigation efforts are ongoing, with a third-party cybersecurity firm engaged to assess and recover affected systems.
Impact on Hospital Operations
The cyberattack disrupted multiple core systems, including internet connectivity, email communication, phone lines, radiology imaging, and laboratory services. At Heywood Hospital, the CAT scan machine was specifically reported as affected. Outpatient services continued but at reduced capacity, and triage protocols were implemented for emergency patients due to limited system availability. Appointment scheduling was disrupted, and patients were advised to use the Athena patient portal or the hospital answering service for communication with providers. Despite these limitations, both hospitals remained open for inpatient care, with officials stressing that patient safety was maintained throughout the incident.
Investigation and Recovery Efforts
Heywood Healthcare engaged a third-party cybersecurity firm to investigate the intrusion and support system recovery. Partial restoration of communication systems has been reported, but several hospital systems remain offline. No official timeline has been provided for the full resumption of normal operations. Hospitals continue to monitor the situation closely, with ongoing efforts to restore all affected services.
Public Communication
Initial public notice of the network outage was issued via Heywood Healthcare’s Facebook page on October 12, describing inoperable systems without specifying a cyberattack. A follow-up post on October 16 officially confirmed the incident as a cybersecurity issue. Patients were advised to utilize the Athena portal for communication with providers, with the hospital answering service also available for those unable to access the portal. Status updates remain limited, with no confirmation of full system recovery or the status of affected services.
Regional and Industry Context
The cyberattack impacted healthcare facilities in North Central Massachusetts, highlighting broader vulnerabilities in the healthcare industry. Cyberattacks on healthcare organizations are increasingly common, with surveys indicating that the vast majority of hospitals have experienced security incidents in the past year, many of which disrupted patient care. Such disruptions can result in canceled appointments, delayed treatments, extended hospital stays, worsened patient outcomes, increased complications, and elevated mortality risk. Legal oversight is also underway, with law firm Shamis & Gentile monitoring the situation for potential lawsuits.
Operational Takeaways
Heywood and Athol Hospitals activated emergency response protocols promptly and maintained patient care despite significant system limitations. Outpatient services continued, triage protocols guided emergency care, and communication workarounds via the Athena portal and answering service were successfully implemented. Hospitals remain under third-party cybersecurity review and ongoing monitoring as recovery and investigation efforts continue.
0 Comments