A cyberattack on a prominent hospital system in Massachusetts has been forced to turn away ambulances and deploy down-time procedures.

Signature Healthcare and Signature Healthcare Brockton Hospital said on Monday that the cyber incident is impacting many of their information systems. Officials at the hospital said they are working with outside experts to investigate the incident and restore downed systems. 

Inpatient, walk-in emergency services and scheduled surgeries are still being conducted, but chemotherapy infusion services for cancer patients were cancelled on Tuesday. 

“Upon identifying suspicious activity within a portion of our network, we immediately activated our incident response protocols. We moved to down-time procedures to ensure high-quality patient care and safety,” the company said. 

The hospital system has operated for more than 125 years, serving hundreds of thousands of people across Brockton and several other suburbs outside of Boston. 

The hospital warned that patients will experience delays due to the technology outages. No hacking group has taken credit for the attack as of Tuesday. 

Multiple hospitals have been forced to cancel appointments and limit services following cyberattacks this year, including the biggest hospital in Mississippi. Another large hospital in Idaho recently recovered from a cyberattack that took down all the facility's phone and internet systems. 

Iranian hackers were allegedly responsible for a cyberattack on medical device company Stryker, which impacted dozens of hospitals that use the company’s communication and healthcare products. 

Errol Weiss, chief security officer at cyber information sharing group Health ISAC, told Recorded Future News that he is seeing “a sustained, high level of malicious activity targeting the healthcare sector.” 

Weiss said they are aware of multiple significant incidents affecting hospitals, payers, pharmaceutical and medical device manufacturers, and key technology vendors. Most have not been publicly disclosed because they’re still being handled with law enforcement and regulators, he explained.

“It’s highly likely that both the volume and impact of attacks remain elevated compared to previous years, particularly around ransomware and data-theft operations,” he said. 

“In many cases, organizations were able to contain the activity before it reached the level of a major public outage, which is why you haven’t seen them disclosed. Because these incidents are still being worked through with law enforcement and regulators, we’re not in a position to share specifics or name organizations.”

Weiss said they are seeing both nation-state attacks from Iran and other countries alongside financially motivated cybercriminals. 

He warned that there are an array of traditional ransomware and data extortion attacks blended in with more destructive incidents.

“What worries me most is that the same access and techniques could be used interchangeably for espionage, financial gain, or destructive impact — any of which could put people's lives in danger if healthcare services are interrupted,” he said. 

Weiss noted that they continue to maintain an information sharing channel with federal agencies like the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) so healthcare companies can have immediate insights available.