Heywood Healthcare, the nonprofit health system operating Heywood Hospital in Gardner, Massachusetts and Athol Hospital in nearby Athol, suffered a ransomware attack detected on October 12, 2025 when a network outage took internet, email, phone, radiology, and laboratory systems offline. The hospitals declared a Code Black status, diverting ambulances to alternate facilities, with stroke patients sent to other primary stroke service hospitals because of CT-imaging unavailability. Heywood Healthcare confirmed the cybersecurity incident on October 16, 2025 and engaged outside cybersecurity experts. The Sinobi ransomware-as-a-service group claimed responsibility on November 9, 2025 by listing heywood.org on its dark-web leak site.\n\nThe breach affected approximately 93,000 individuals based on records indexed by breach-tracking services. Compromised fields included names, email addresses, phone numbers, and Social Security numbers. As a community hospital system, the underlying records exfiltrated by the attackers also include patient identity, insurance, billing, diagnostic, and treatment information typical of an integrated hospital and physician-practice operation, beyond the more limited field set surfaced publicly. Sinobi is a relatively new ransomware operation that began listing victims on its leak site in July 2025, with healthcare providers representing a large share of confirmed targets.\n\nFor affected patients, the practical risk profile combines identity-fraud exposure with community-hospital-specific risks. The combination of name and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a hospital-care relationship and may reference specific Heywood and Athol service lines, which can support medical-themed phishing and insurance-fraud scams. Affected patients should freeze credit at all three U.S. bureaus, monitor health-insurance statements and explanation-of-benefits notices closely, and treat unsolicited contact referencing Heywood Hospital, Athol Hospital, or Heywood Medical Group with caution. Patients who experienced ambulance diversion or care delay during the Code Black period should retain related documentation in case it becomes relevant to litigation.

Hospitals collect patient identity, contact, insurance, billing, diagnosis, and treatment records across clinical and operational systems.

Heywood Healthcare detected a network outage on October 12, 2025 that affected internet, email, phone, radiology, and laboratory systems across both Heywood Hospital and Athol Hospital. The hospitals declared a Code Black status and diverted ambulances to other facilities, with stroke patients diverted to alternate primary stroke service hospitals because of CT-imaging unavailability. The system confirmed the outage as a cyberattack on October 16, 2025 and engaged third-party cybersecurity experts. The Code Black status was lifted on October 17, 2025, and most outpatient services resumed by late October. The Sinobi ransomware-as-a-service group claimed responsibility on November 9, 2025 by listing heywood.org on its dark-web leak site, asserting data theft. Class-action investigations by U.S. plaintiff law firms began organizing in late October 2025.