CISO Sentinel

A Massachusetts hospital has been forced to divert ambulances and cancel cancer treatments after a ransomware attack by the Anubis group, who claim to have stolen 2TB of patient data.

Brockton Hospital, part of the Signature Healthcare network in Massachusetts, declared a major incident on April 6, 2026, after its electronic systems were taken offline by a ransomware attack. The hospital's emergency room was immediately placed on divert, forcing ambulances to be rerouted to other facilities. The attack also led to the cancellation of scheduled cancer treatments at the affiliated Greene Cancer Center on April 7.

The Anubis ransomware-as-a-service (RaaS) group has claimed responsibility for the attack, adding Signature Healthcare to its data leak site with a countdown clock. The group alleges it has exfiltrated 2TB of data, including sensitive patient information. In a taunting message, the attackers claimed they only encrypted non-critical systems, a statement that rings hollow given the severe operational disruptions.

Signature Healthcare CEO Bob Haffey confirmed the organization is working with federal and state officials to investigate the breach and restore systems. As of April 10, ambulances are no longer being diverted, but the hospital's patient portal remains offline, and staff are relying on paper records. COO Kim Walsh stated that the hospital expects to continue with downtime procedures for at least two weeks, a significant disruption that will have a cascading impact on patient care and hospital revenue.

This incident is a stark reminder of the devastating real-world consequences of ransomware attacks on healthcare providers. The targeting of critical infrastructure, particularly hospitals, demonstrates a callous disregard for human life and safety. For CISOs in the healthcare sector, this attack underscores the urgent need for robust, multi-layered security defenses, including advanced endpoint protection, network segmentation, and a well-rehearsed incident response plan. The Anubis group's claim of stealing 2TB of data also highlights the double-extortion tactic now common in ransomware attacks, where data exfiltration is used as leverage to force a ransom payment. CISOs must assume that any ransomware attack will also involve a data breach and prepare their communication and legal strategies accordingly.

CISOInternals

Brockton Hospital ER Diverts Ambulances After Anubis Ransomware Attack

Related Coverage

Palo Alto Networks to Acquire CyberArk for $25B, Shaking Up Identity Security

Iran-Backed Wiper Attack Hits Medtech Giant Stryker, 200,000 Systems Wiped

Did LA Metro Just Suffer a Catastrophic OT Breach?

Deepfake CEO Fraud: Are You Next? A 3000% Surge in Attacks Puts CISOs on High Alert