A cyberattack has caused a network outage that has disrupted operations at two hospitals in North Central Massachusetts – the 134-bed non-profit Heywood Hospital in Gardner, and Athol Hospital, a 25-bed critical access hospital in Athol, both owned and operated by Heywood Healthcare.

The attack was detected last week, and systems were immediately taken offline to protect the network and patients. Incident response protocols were activated, a Code Black was declared, and the emergency department was closed to all patients arriving by ambulance. Ambulances were diverted to other facilities due to the inability to access certain systems. Radiology and laboratory services have also been disrupted.

The attack affected its Internet connection, email system, and phone lines, and while communications are back up and running, some issues are still being experienced. On Thursday, October 16, 2025, the hospital confirmed that the network outage was caused by a cybersecurity incident and that a third-party cybersecurity firm has been engaged to assist with the investigation and recovery. The Athena portal is online, and patients are encouraged to use the portal to communicate with the hospital and providers, and its answering service is operational if the portal cannot be accessed.

Heywood Hospital said its main priority is ensuring that care continues to be provided to patients, and has confirmed that both hospitals and Heywood Medical Group have remained open throughout and are continuing to provide care to patients. Heywood Healthcare is working with the cybersecurity experts to restore systems as quickly as possible, but no timeline has been provided for when full functionality will be restored. The exact nature of the attack, such as whether ransomware was involved, has not been disclosed. No ransomware group appears to have claimed responsibility for the attack. At such an early stage of the investigation, it is unclear to what extent, if any, patient data has been exposed or if sensitive data was stolen in the attack. Heyward Healthcare said it will provide further updates as more is learned about the incident.

Patient care is often disrupted by cyberattacks, the extent of which was recently explored in a survey conducted by the Ponemon Institute on behalf of cybersecurity firm Proofpoint. The survey found that 93% of healthcare organizations in the study had experienced a cybersecurity incident in the past 12 months, and 72% had experienced a cybersecurity incident that disrupted patient care. Healthcare providers reported negative impacts such as cancelled appointments, delayed intake, longer patient stays, poorer outcomes, increased complications from medical procedures, and an increase in mortality rate following a cyberattack.

The post Massachusetts Hospitals Experiencing Disruption Due to Cyberattack appeared first on The HIPAA Journal.