Brockton Hospital Cyberattack Keeps Downtime Procedures in Place as Recovery Continues

What happened

Brockton Hospital is continuing to operate under downtime procedures after a cyberattack on April 6, 2026 took many of its electronic systems offline. The incident forced ambulances to divert to alternate facilities, canceled scheduled cancer treatments, and disrupted access to key digital services. While some systems have been restored, staff are still working on paper rather than computers, and a hospital spokesperson said downtime procedures are expected to continue for the next two weeks. The hospital said patient care is continuing, though some services remain affected. Lab work and medical testing are still being performed but may be delayed, the patient portal remains offline, new prescriptions cannot currently be filled, and requests for medical records cannot yet be fulfilled. 

A ransomware group calling itself Anubis claimed responsibility for the attack and said it encrypted files and stole 2 terabytes of data, including patient information. The group also added the hospital to its leak site with a countdown clock tied to publication of the allegedly stolen data. The hospital has not confirmed the extent of any data theft and said recovery and patient care remain the priority while systems are brought back online safely. 

Who is affected

The direct impact falls on Brockton Hospital patients, staff, and affiliated care locations relying on the affected electronic systems. The hospital said inpatient services and surgeries have continued, but some patient services have been disrupted, including canceled chemotherapy infusions, partial pharmacy closures, delays in testing, and continued unavailability of the patient portal and medical records requests. 

Why CISOs should care

This incident matters because it shows how a ransomware event in a hospital environment can quickly affect both urgent and routine patient services even when care continues. It also highlights the length of recovery that may be required after an attack on clinical systems, especially when organizations must balance restoration speed against safety, service continuity, and the possibility of stolen patient data. 

3 practical actions

1. Plan for extended downtime operations: Make sure hospitals can sustain paper-based workflows for more than a few days when core clinical and administrative systems are unavailable. 
2. Separate service continuity by function: Track which services can continue, which can continue with delays, and which must be suspended entirely, so patient communication stays specific and credible. 
3. Prepare for parallel recovery and data-theft response: Build response plans that handle operational restoration and potential leak-site pressure at the same time when ransomware groups claim both encryption and exfiltration. 

For more news about ransomware incidents disrupting healthcare operations, click Ransomware to read more.