Heywood Healthcare has taken IT systems offline and is diverting ambulances as it investigates a cyber incident affecting multiple hospital operations.
Heywood Healthcare, a nonprofit health system operating Heywood Hospital and Athol Hospital in North Central Massachusetts, is responding to a cyberattack that forced it to take its network offline. The disruption has affected radiology and lab services, email, phones, and access to imaging tools like CAT scans. Ambulances are being diverted to other facilities while emergency care and diagnostic services remain limited.
The healthcare system confirmed the incident as a cybersecurity attack and activated its response protocols immediately after discovering network outages last week. An investigation is underway with help from third-party cybersecurity experts and law enforcement. The cause, scope, and potential data impact have not yet been disclosed.
Inpatient and outpatient care remains operational at both hospitals, but certain emergency services and diagnostics are paused. Local emergency services, including Central Massachusetts EMS, advised that stroke patients should be rerouted due to imaging tools being offline. Heywood Medical Group asked patients to contact providers through their portal or an answering service as email and phone systems remain unstable.
It is unclear whether ransomware or data theft is involved. Heywood has not provided details about whether the incident involved encryption, extortion demands, or whether manual operations have been fully adopted.
A spokesperson from Heywood confirmed that the network disruption was due to a cybersecurity incident and that affected systems were taken offline to protect patient and system integrity. The investigation is in its early stages.
Security experts commenting on the incident outlined the growing trend of hospitals being targeted by ransomware and data extortion campaigns. Healthcare is a frequent target due to its operational sensitivity, often leading to organizations paying ransoms to resume services.
According to Paubox’s 2025 Mid-Year Email Breach Report, half of healthcare organizations reported that cyberattacks were the leading cause of major workflow disruptions. These attacks don’t just affect data, they halt operations, delay medical procedures, and force patient diversions, as seen in Heywood Healthcare’s case. System shutdowns caused by cyber incidents can degrade trust, interrupt diagnostics, and endanger patients when time-sensitive services like imaging and emergency response are unavailable.
Critical access hospitals, like Athol Hospital, serve rural areas and operate with limited capacity. Cyber disruptions in such facilities can strain regional emergency response systems due to a lack of nearby alternatives.
Radiology systems are often tightly integrated with hospital IT networks, making them vulnerable to outages when networks go offline or are locked down for security.
Indicators may include encrypted files, ransom notes on screens, disabled access to patient records, or extortion threats. Heywood has not confirmed whether any of these signs were present.
Hospitals typically rely on patient portals, answering services, or manual workflows when email and phone systems are unavailable, as seen in Heywood’s response.
Experts recommend improving segmentation, using multifactor authentication, conducting routine cyber drills, vetting third-party vendors, and adopting AI-based threat detection to minimize future disruption.