What Happened at Signature Healthcare
A Brockton hospital is back to full operations after a serious cybersecurity incident disrupted services for more than a week. Signature Healthcare — a leading Massachusetts provider with more than a dozen locations statewide — discovered suspicious activity on its network on April 6. The breach immediately triggered emergency protocols across the organization.
The incident affected information systems at Signature Healthcare Brockton Hospital, as well as pharmacies in Brockton and East Bridgewater. Hospital leadership acted quickly. They declared a “code black” and shifted to downtime procedures to protect patient safety while the investigation began.
“We moved to downtime procedures to ensure high-quality patient care and safety,” Signature Healthcare stated in an official alert. The hospital brought in outside cybersecurity experts to investigate the breach and restore operations as fast as possible.
Services Affected During the Incident
Emergency and Inpatient Care
Core services stayed open throughout the crisis. Inpatient care, urgent care, ambulatory physician practices, and walk-in emergency services all continued operating during the disruption. Scheduled surgeries and procedures also proceeded as planned. However, ambulances were diverted away from the hospital — a significant step that signals the severity of the situation.
Chemotherapy and Cancer Care
The incident hit cancer patients especially hard. All chemotherapy infusion services were canceled on April 7. Patients received instructions to call the Greene Cancer Center directly to reschedule. Over time, chemotherapy services resumed for new patients first, then gradually phased back in for existing patients, following strict safety protocols.
Pharmacy Services
Two Signature Healthcare pharmacies — one on Liberty Street in Brockton and another on Donalds Way in East Bridgewater — stayed open for consultations throughout the week. However, neither location could fill prescriptions during this period. Patients needing medications faced delays and had to seek alternatives elsewhere.
Administrative and Patient Portal Disruptions
Beyond clinical services, administrative functions also came to a halt. The Patient Portal System went offline entirely. Lab work and diagnostic tests faced delays. Additionally, requests for medical records went unfulfilled. These disruptions added stress for patients already dealing with health concerns.
How the Hospital Responded
Activating Downtime Protocols
Hospital staff responded with speed and discipline. Clinical teams switched to manual, paper-based workflows to maintain care quality without relying on digital systems. IT teams worked around the clock alongside outside experts to contain the breach and begin restoring systems safely.
Communication with Patients and the Public
Signature Healthcare kept patients informed through its official website and announcements. The organization posted regular updates detailing which services were available and what patients needed to do. This transparent communication helped reduce confusion during a disruptive period.
Recovery and Return to Normal Operations
Lifting the Code Black
On Wednesday, April 9, Signature Healthcare announced it was lifting the code black status. Ambulances began returning to the hospital, marking a key milestone in the recovery process. This was the clearest public signal that the organization had stabilized its systems enough to safely resume emergency intake.
Leadership Statement
Bob Haffey, CEO of Signature Healthcare Brockton Hospital, credited the recovery to his team’s relentless effort. “We have reached this important milestone in system recovery and restoration of services after the cyber incident as a direct result of the round-the-clock work of our staff, particularly our IT teams, clinical staff, and operational leaders,” he said in a press release. He also noted that outside experts continued guiding the organization through a phased recovery approach.
Ongoing Forensic Work
Even after ambulances returned, the work was not over. Some systems remained offline and continued being restored in the days that followed. Cybersecurity experts conducted forensic analysis to understand the full scope of the breach and ensure no vulnerabilities remained.
“We are grateful to our employees, partners, and community for their patience, flexibility, and dedication throughout this challenging time,” the hospital stated.
What This Means for Healthcare Cybersecurity
A Pattern Across Massachusetts
Cyberattacks on healthcare providers in Massachusetts are becoming more frequent. In October 2025, two Heywood Medical Group hospitals — in Gardner and Athol — faced a network outage later confirmed as a cybersecurity breach. These incidents reveal a troubling trend. Hospitals, with their vast stores of sensitive patient data and their reliance on connected systems, are increasingly attractive targets for cybercriminals.
Why Hospitals Are Vulnerable
Healthcare organizations manage enormous volumes of personal and medical data. Many also operate older IT infrastructure that is difficult to update quickly. Furthermore, hospitals cannot shut down operations to apply fixes — patient care must continue, which limits the speed of response. These factors together create significant vulnerabilities that bad actors continue to exploit.
The Importance of Incident Response Plans
Signature Healthcare’s relatively swift recovery — returning ambulances within about a week — reflects the value of having strong downtime and incident response protocols in place. Organizations without such plans face far longer disruptions and greater risk to patient safety.
Key Takeaways
- Signature Healthcare Brockton Hospital was hit by a cybersecurity incident on April 6.
- The hospital declared a code black, diverted ambulances, and suspended several services including chemotherapy and pharmacy prescription filling.
- Core services including inpatient care, urgent care, and scheduled surgeries continued throughout.
- Outside cybersecurity experts assisted with investigation and system restoration.
- Ambulance services resumed within about a week, and the code black was lifted on April 9.
- Some systems continued recovery even after normal operations resumed.
- Massachusetts healthcare providers are facing a growing pattern of cyberattacks.
