A cyberattack on hospitals in North Central Massachusetts has caused major operational disruptions at Heywood Hospital in Gardner and Athol Hospital, a smaller critical access facility in Athol. Both hospitals are operated by Heywood Healthcare, a non-profit organization serving the region.
The incident, which was first detected last week, led to an immediate network shutdown as part of emergency response protocols to contain the breach and protect patient data and hospital systems. Following detection, a “Code Black” was declared, a designation used in healthcare settings to indicate a critical system outage, and emergency departments were closed to ambulance arrivals. Ambulances had to be rerouted to other regional hospitals due to system inaccessibility.
Decoding the Athol and Heywood Hospital Cyberattack
The hospital cyberattack disrupted vital services, including Internet access, email communication, and phone lines. Radiology and laboratory operations were also affected. While communication systems have since been partially restored, hospital officials confirmed on October 16, 2025, that the outage was due to a cybersecurity incident. A third-party cybersecurity firm has been brought in to investigate the breach and support recovery efforts.
Despite the disruption, both Heywood Hospital and Athol Hospital have remained open for patient care, including outpatient services provided by Heywood Medical Group. Officials stressed that patient safety remains the top priority, and that care delivery continues, though some services are operating at reduced capacity.
As a temporary workaround, the Athena patient portal has been made accessible to facilitate communication between patients and providers. Patients unable to access the portal are advised to use the hospital’s answering service.
Why is the Healthcare Sector a Prime Target for Cybercriminals?
Healthcare facilities are prime targets for cybercriminals, particularly ransomware groups. According to a recent study conducted by the Ponemon Institute, 93% of healthcare organizations surveyed experienced a cybersecurity incident in the past year. Alarmingly, 72% of those incidents led to patient care disruptions, highlighting the direct impact such breaches have on healthcare delivery.
The same study pointed to consequences such as appointment cancellations, delayed intakes, extended hospital stays, worsened patient outcomes, and even increased mortality rates following cyberattacks. These findings emphasize the potentially life-threatening implications of cybersecurity lapses in healthcare environments.
Investigation Ongoing, No Timeline for Full Recovery
Heywood Hospital and Athol Hospital continue to work with cybersecurity professionals to investigate the breach and restore normal operations. While communication tools and some functions are back online, full system functionality has yet to be reestablished, and no specific timeline has been shared publicly.
The hospitals have not confirmed whether ransomware was involved, nor have they reported any evidence of stolen or exposed patient data. Heywood Healthcare has assured the public that it will continue to monitor the situation and provide updates as more information becomes available.
