Hospitals hit by cyberattacks
A Massachusetts hospital is continuing manual downtime procedures after a ransomware attack forced it to divert ambulances and take systems offline, with ambulance acceptance resuming only after more than a week of disruption. The briefings also flag possible patient-data leakage tied to a ChipSoft ransomware incident and a separate malware campaign stealing clinic browser and messaging data in Ukraine, underscoring multiple recent breaches affecting healthcare operations. (hipaajournal.com, nltimes.nl, thehackernews.com)
A Massachusetts hospital is still using paper records and manual workflows after a ransomware attack knocked key systems offline and diverted ambulances for more than a week. (hipaajournal.com)
Signature Healthcare Brockton Hospital said the attack was discovered on April 9, 2026, and forced it to take network systems offline, cancel some appointments, and send ambulances to other facilities. The hospital said it resumed accepting ambulances on April 15 while continuing “downtime procedures” across parts of the organization. (hipaajournal.com)
When hospitals shift to downtime procedures, staff move from connected software to handwritten notes, printed orders, and phone calls so care can continue while computers are isolated. Signature Healthcare said its emergency department stayed open during the outage, but some patient-facing services remained disrupted as recovery continued. (hipaajournal.com)
A separate incident in the Netherlands raised a different threat: stolen patient information. Dutch outlet NL Times reported on April 15 that patient data from hospitals using ChipSoft software may have been exposed after a ransomware attack on one of the company’s technology suppliers. (nltimes.nl)
NL Times said the affected supplier was Nortal, which works with ChipSoft on hospital information technology projects, and that hospitals were investigating whether medical or personal records had been taken. ChipSoft said there was no evidence that its own systems had been breached, according to the report. (nltimes.nl)
A third case shows how these intrusions can start at the clinic level, not just through hospital networks. The Hacker News reported on April 15 that a group tracked as UAC-0247 used malware against Ukrainian clinics to steal saved browser credentials, documents, and messages from the Signal desktop app. (thehackernews.com)
Ukraine’s computer emergency team, known as the Computer Emergency Response Team of Ukraine, said the campaign used phishing emails and malicious attachments to infect systems. The malware then searched for files and account data that could help attackers move deeper into medical organizations or extract sensitive information. (thehackernews.com)
The three cases hit different parts of healthcare: one disrupted ambulances and hospital operations, one raised questions about supplier access to patient records, and one targeted clinic staff devices and communications. Together they show how attacks on hospitals now reach emergency rooms, software vendors, and frontline medical offices at the same time. (hipaajournal.com, nltimes.nl, thehackernews.com)
At Brockton Hospital, the immediate benchmark was not full recovery but getting ambulances back through the door. More than a week after the April 9 attack, that step had happened, but the hospital said manual procedures were still in place as investigators and technicians worked to restore systems safely. (hipaajournal.com)