Massachusetts Hospital Diverts Ambulances After Cyberattack Takes EHR Offline
What Happened – A southeastern Massachusetts health system (Signature Healthcare) confirmed a cyberattack on Monday that forced the hospital to divert ambulance traffic, take its electronic health records (EHR) and patient portal offline, and suspend certain cancer treatments and pharmacy prescription fills.
Why It Matters for TPRM –
- Critical patient‑care services can be halted by a third‑party cyber event, exposing supply‑chain and continuity risks.
- Downtime of EHR platforms may indicate ransomware or malware that could later lead to data exfiltration.
- Healthcare providers often rely on multiple vendors (EHR, pharmacy, lab, cloud) whose security posture directly impacts patient safety.
Who Is Affected – Healthcare providers (hospitals, outpatient clinics), EHR and patient‑portal vendors, pharmacy service providers, and the 70,000 patients served annually.
Recommended Actions –
- Verify the security controls and incident‑response capabilities of your EHR and related SaaS vendors.
- Review business‑continuity and disaster‑recovery plans for critical care pathways that depend on third‑party systems.
- Require evidence of recent vulnerability assessments and patch management for any integrated medical‑device software.
Technical Notes – The attack vector has not been disclosed; however, the rapid shutdown of EHR and patient portal aligns with typical ransomware or malware‑driven disruptions. No specific CVEs or data‑theft claims were reported for this incident. Source: DataBreachToday