Cyber Incident Victim: HealthAlliance Hospital
Date: Oct 2023
Location: United States of America
Summary
HealthAlliance Hospital and affiliated facilities experienced a cyberattack disrupting IT systems, prompting patient transfers or discharges, ambulance diversions to nearby hospitals, and a preemptive network shutdown for approximately 24 hours followed by a phased restoration over the weekend. The incident response involved coordination with law enforcement including the FBI, a third-party cybersecurity firm, state health authorities, and county officials, prioritizing patient safety while maintaining limited walk-in services with stabilization and transfer protocols. The organization also communicated with EMS providers, regional medical facilities, elected representatives, and affected families as it worked to resolve the breach.
Description
On October 19, 2023, Westchester Medical Center Health Network (WMCHealth) confirmed a cyberattack impacting HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center, prompting immediate operational disruptions. The attack compromised IT systems, and WMCHealth notified the New York State Department of Health, Ulster County and Delaware County officials, the FBI, and a third-party cybersecurity firm so that the scope and affected systems could be investigated. Within hours of discovery, WMCHealth initiated patient transfers and discharges from HealthAlliance Hospital, relocating a dozen inpatients to other network facilities like Northern Dutchess Hospital in Rhinebeck or discharging them home. Ambulance diversions were implemented to redirect emergency traffic to nearby hospitals, with Kingston Fire Department and Empress Ambulance Service assisting patient transfers. WMCHealth announced a planned system-wide IT shutdown starting at 10 p.m. on October 20 to address the threat, anticipating a 24-hour outage followed by a phased restoration lasting through the weekend. HealthAlliance Hospital remained open for walk-in patients, who could be stabilized and transferred to other WMCHealth facilities if needed.

The incident triggered widespread communication with local EMS providers, regional medical facilities, elected officials, and patients’ families to coordinate care continuity. Ulster County Executive Jen Metzger acknowledged the cyberattack during a press event, expressing concern over the patient transfers and awaiting updates from the county’s emergency services director. WMCHealth emphasized patient safety as the primary motive for preemptive measures, including system isolation and infrastructure repairs, while declining to specify the attack vector or data compromise pending investigation. No ransomware claims or threat actor details were disclosed publicly. Operational impacts included prolonged system downtime affecting three facilities, though outpatient services at HealthAlliance continued with limited capabilities. The network committed to resolving the issue "as soon as possible" and providing community updates, though no definitive recovery timeline or forensic findings were shared within the initial disclosure period.
