Ransomware Group Claims Breach of Brockton Hospital, Demands Ransom for 2TB of Patient Data
The Anubis ransomware group claimed to have stolen 2TB of patient data from Brockton Hospital, which had already been diverting ambulances and canceling chemotherapy since April 6.

When Signature Healthcare's computer systems went dark on April 6, the most immediate casualties were not data files but care decisions. Ambulances stopped arriving at Brockton Hospital as emergency services rerouted traffic to alternate facilities. Scheduled chemotherapy infusion sessions were canceled. Staff at the 216-bed Massachusetts hospital, which treats roughly 70,000 patients a year, fell back on paper records and manual protocols while outside cybersecurity specialists worked to diagnose the damage.
Three days later, a ransomware group calling itself Anubis posted a claim on its dark-web leak site asserting it had breached Signature Healthcare's network and exfiltrated approximately two terabytes of patient data. The group gave the health system seven days to pay an unspecified ransom before releasing the information publicly. Anubis has a documented history of carrying through on such threats, according to security researchers who track the group's activity.
Signature Healthcare had not publicly confirmed the ransom claim as of April 10. A hospital spokesperson said investigators had found no immediate indication that data had been accessed but acknowledged the question remained open. "We don't have any immediate indication that anything has been [accessed], but we don't know," the spokesperson said. "That will be part of the full investigation." Cybersecurity firms note that ransomware gangs sometimes falsely claim credit for incidents or inflate the scope of stolen data, meaning the Anubis posting requires independent verification before its full implications are clear.
The FBI confirmed awareness of the incident but declined to comment further. Massachusetts State Police said Signature had reported the activity to the Commonwealth Fusion Center, the state's cybersecurity coordination body.

The operational picture inside the hospital illustrated what security professionals call the "ransomware blast radius." The electronic medical record system and patient portal went offline. Two retail pharmacy locations, in Brockton and East Bridgewater, remained open for consultation but could not fill new prescriptions. Requests for copies of medical records were suspended. The Massachusetts Nurses Association said its members had adapted without reported negative consequences so far, but the union flagged a secondary concern: Boston Medical Center South was absorbing additional emergency cases as a direct result of Brockton's ambulance diversions.
Healthcare systems remain a preferred ransomware target precisely because the cost of operational downtime is measured in patient risk rather than merely revenue. Medical records carry billing data, Social Security numbers, and prescription histories that command premium prices on criminal markets. If the Anubis data claim is verified, Signature Healthcare would face mandatory notification obligations under federal HIPAA rules and potential scrutiny from HHS, which has been tightening cybersecurity expectations for covered entities following the 2024 Change Healthcare attack that paralyzed pharmacy systems nationwide.
For Brockton-area patients with upcoming appointments or ongoing treatment plans, the practical steps are immediate: verify appointments directly by phone before arriving, contact the hospital's clinical team about any time-sensitive prescriptions, and request paper copies of recent records once that service resumes. Signature Healthcare said it would continue to update patients as the investigation progresses. With a seven-day ransom clock now running, the window for resolution, or escalation, is narrow.

