Hospital cyberattack disrupts care

A hospital cyberattack does not start with a hacker on a screen. It starts when a nurse cannot pull up a medication record, a dispatcher cannot send an ambulance to the usual emergency department, and a cancer patient gets a call saying today’s infusion is canceled. That is what happened this week at Signature Healthcare Brockton Hospital in Brockton, Massachusetts. After the health system detected suspicious activity on part of its network on Monday, April 6, 2026, it activated incident response protocols, pushed staff onto paper documentation, diverted ambulances, and canceled at least some chemotherapy treatments and pharmacy services while it worked to restore systems. (wcvb.com) The public facts are still limited. Signature Healthcare has said it identified suspicious activity within a portion of its network and brought in outside resources to investigate and recover, but it has not publicly confirmed the attack method, whether ransomware was involved, or whether patient data was accessed. (boston.com) Even without those details, the operational picture is already clear. Inpatient care and walk-in emergency services remained open, and surgeries and procedures including endoscopy were still proceeding, but ambulance traffic was diverted to other hospitals, ambulatory and urgent care patients were warned to expect delays, chemotherapy infusion services were canceled for Tuesday, April 7, and retail pharmacies in Brockton and East Bridgewater were closed. (boston.com) That mix of open doors and broken workflows is typical of a serious hospital technology outage. Modern hospitals run on connected systems for registration, charting, medication administration, imaging, lab orders, pharmacy dispensing, scheduling, and patient portals, so a disruption in “part of the network” can ripple through clinical operations long before anyone knows the full forensic story. Healthcare regulators have been warning for years that cyber incidents in hospitals are not just information technology problems. The Cybersecurity and Infrastructure Security Agency says healthcare threats affect patient safety because health information technology supports critical life-saving functions, and the Department of Health and Human Services says its healthcare cybersecurity goals are meant to improve resilience across the sector. (cisa.gov) That word, resilience, is the center of this story. A hospital under cyber stress is judged less by whether a policy binder exists and more by whether care can continue safely when screens go dark. In Brockton, that meant switching to downtime procedures. Boston 25 reported that the hospital moved to paper documentation, and Boston.com said the organization used alternative documentation methods to continue care while electronic systems were disrupted. (boston25news.com) Paper downtime sounds simple, but it is slow and fragile. Staff must handwrite notes, medication details, and orders that would normally move automatically between departments, and every manual handoff creates another chance for delay or transcription error. Ambulance diversion is one of the clearest signs that an outage has become an operations crisis. When a hospital asks emergency medical services to take patients elsewhere, it is effectively admitting that even if the building is open, the normal flow of emergency care cannot be supported at full speed. The canceled chemotherapy appointments show a different kind of clinical risk. Cancer infusions are highly scheduled, pharmacy-dependent treatments that rely on accurate orders, drug preparation, timing, and monitoring, so they are among the services most exposed when digital systems or pharmacy workflows are impaired. The legal and compliance side starts almost immediately too. The Department of Health and Human Services’ ransomware guidance says covered entities need contingency planning, including backup and emergency mode operations, and it also frames breach analysis and notification as parallel obligations when malware may have affected protected health information. (hhs.gov) That means hospital leaders have to run several races at once. One team is trying to keep patients safe, another is preserving evidence and rebuilding systems, and another is figuring out whether the incident triggers privacy notifications, regulator reporting, law enforcement coordination, board briefings, and outside counsel review. This is why hospital cyber incidents have become board-level events. The real test is not whether multifactor authentication was on a roadmap or whether training was completed last quarter; the real test is whether the organization can keep emergency care moving, protect high-risk treatments, document safely on paper, and recover fast enough that a network problem does not become a patient-care disaster. Brockton Hospital’s outage is still developing, and some services may resume before investigators explain exactly what happened. But the lesson is already visible: in healthcare, a cyberattack is never just about computers, because the first broken system patients notice is usually the care itself.