Ransomware gang claims credit for Signature Healthcare cyberattack—albeit temporarily - HealthExec

Ransomware gang claims credit for Signature Healthcare cyberattack—albeit temporarily Chad Van Alstin | April 10, 2026 | Health Exec | Cybersecurity A hospital in Massachusetts is still reeling from the impact of a cyberattack that happened on Monday, disrupting core services.  Brockton Hospital, part of a regional medical group called Signature Healthcare, revealed that it was experiencing a “cybersecurity incident affecting certain information systems” in a LinkedIn post, adding that it was relying on “downtime procedures”—which often means paper-based record keeping—to maintain as many patient care operations as possible.  The hospital added that it was working with a third party to investigate the attack and restore its IT systems as soon as possible.  “Emergency and inpatient services remain open, though ambulance traffic is being diverted. Surgeries and procedures, including endoscopy, are continuing as scheduled,” the hospital wrote.  As of its latest update on Wednesday, the hospital said ambulances were still being instructed to bring patients to other facilities. As of Friday, there is no indication that had changed. Emergency rooms at Brockton Hospital are open but for walk-in patients only. In the latest LinkedIn post, Signature mentioned that medical record requests are “unavailable at this time,” which is consistent with its electronic health record system being taken offline.  It’s unclear, however, whether hackers gained access to that system. The specifics surrounding the data breach—such as the method of attack and what level of access cybercriminals had to the hospital’s network—have not been revealed. At this time, hospital officials have not said if the incident constitutes a data breach, as there has been no confirmation that nefarious actors stole sensitive personal data or protected health information on patients.  The outage extended beyond Brockton Hospital, impacting other Signature Healthcare sites. The organization closed its retail pharmacies initially, reopening them for consultations only, with no ability to fill prescriptions.  Leak site mystery Given the scope of the shutdown and loss of access to the EHR, the incident has all of the hallmarks of a ransomware attack.  On Thursday, an infamous cybercrime syndicate known as Anubis claimed credit for the attack, posting on its dark web leak site that it had stolen more than 2 terabytes of data from Brockton Hospital and Signature Healthcare.  The data trove was teased as containing "sensitive" data, according to screenshots circulating on social media. Anubis gave the health system a deadline of one week to pay a ransom, cybersecurity analysts at Comparitech reported after viewing the posting.  By Friday morning, the group had removed any mention of Signature Healthcare from its website.  It’s unclear if any ransom was demanded or paid, resulting in the post being removed. HealthExec reached out to Signature Healthcare for more information. More Healthcare Cybersecurity News: CareCloud hit by data breach that could impact millions Arizona cardiology practice paying $3.85M to resolve lawsuit after data breach Data allegedly from UMMC priced at $800K, posted on dark web Chad Van Alstin Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations. RELATED CONTENT Connecticut Medicaid program hit by data breach impacting 22,500 patients Data breach on New York public health system claims 1.8M victims, leaking biometric data to hackers Race tightens between cybersecurity pros in healthcare and cyber bad guys everywhere Newly developed ransomware accidentally deletes files, making extortion difficult Hackers say they breached Medtronic's servers—the company confirms access from an 'unauthorized party' Users on a Discord chat are playing with Mythos, an AI deemed too dangerous for the public