The hospital Signature Healthcare in Brockton, Massachusetts, diverted ambulances and canceled some services after a cyberattack disrupted operations. Pharmacies couldn’t fill prescriptions, though urgent care and walk-in services remained open.
Signature Healthcare Brockton Hospital is a non-profit community teaching hospital in Brockton, Massachusetts, founded in 1896. It has about 216 beds and serves over 20 surrounding communities, offering services such as medical, surgical, pediatric, and obstetric care, along with advanced diagnostics. The hospital is affiliated with Beth Israel Deaconess Medical Center and plays a key role in the regional healthcare system.
The hospital, part of a network with 15 locations and 150+ physicians, reported the cybersecurity incident on Monday.
“Signature Healthcare and Signature Healthcare Brockton Hospital are currently responding to a cybersecurity incident that has affected certain information systems within our health system.” reads a statement from the healthcare organization. “Upon identifying suspicious activity within a portion of our network, we immediately activated our incident response protocols. We moved to down-time procedures to ensure high-quality patient care and safety. We are working with outside resources to help us investigate the incident and restore operations as quickly as possible.”
The organization has not confirmed a ransomware attack, and the attackers’ motivation are still unknown. At this time, no ransomware group has claimed responsibility for the attack.
It is unclear if threat actors have stolen sensitive data.
Healthcare organizations are prime cybercrime targets due to valuable data, operational urgency, and complex systems. Medical records contain sensitive personal and financial information, making them highly profitable. Hospitals cannot afford downtime, increasing the likelihood of ransom payments. Their large, interconnected networks, legacy devices, and many users expand the attack surface. Combined with often limited cybersecurity maturity, these factors make healthcare an attractive and vulnerable target.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Signature Healthcare)
The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware gang added the healthcare facility to its Tor data leak site and published the images of allegedly hacked systems as proof of the attack.
The group is threatening to release the stolen data if the ransom is not paid by March 23.
Royal Bahrain Hospital has allegedly been breached by new Payload Ransomware https://t.co/zXlERHcPpe pic.twitter.com/FIRMTc1Bsm
— Dominic Alvieri (@AlvieriD) March 15, 2026
Royal Bahrain Hospital, founded in 2011, is a healthcare facility with 70 beds offering inpatient and outpatient services, including surgery, maternity care, and diagnostics. It serves patients from Bahrain and neighboring countries such as Oman, Qatar, Saudi Arabia, and the United Arab Emirates.
Payload ransomware is a relatively new cybercrime operation using a double-extortion model that combines data theft and file encryption to pressure victims. The group has targeted mid- to large-size companies in sectors such as real estate and logistics, mainly in emerging markets. Technically, the ransomware uses ChaCha20 for file encryption and Curve25519 for key exchange, while deleting shadow copies and disabling security tools.
Like many modern crews, Payload likely operates as a ransomware-as-a-service scheme and runs a Tor leak site to publish data from non-paying victims.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Royal Bahrain Hospital data breach)
Entrar