Cyber Incident Victim: Crystal Run Healthcare

On or around November 3, 2023, Crystal Run Healthcare, a multi-specialty medical group headquartered in Wallkill, New York, experienced a cyber-attack disrupting its computer systems. The organization publicly acknowledged the incident through a statement from spokeswoman Amy Charley, who emphasized their commitment to protecting patient information and maintaining system integrity. Crystal Run’s website displayed a prominent advisory notifying visitors of ongoing “System Interruptions” and indicating active efforts to resolve the issue. The notice specifically instructed individuals requiring urgent medical care to call 911 for emergencies rather than relying on the compromised systems. This disruption affected operations across the healthcare provider’s facilities serving New York’s Hudson Valley and Lower Catskill regions, though the precise technical scope of affected systems remained unspecified in initial communications.

The healthcare organization implemented immediate monitoring protocols to detect and respond to emerging threats across its infrastructure following the attack. While no details regarding data compromise or specific attacker methodologies were disclosed, Crystal Run’s public statements focused on operational continuity measures and patient safety directives. The company maintained public communication through its website advisory but did not provide restoration timelines or technical specifics about the nature of the systems impacted. The incident necessitated emergency service rerouting through external channels, as evidenced by the explicit 911 instructions for critical medical situations. Crystal Run’s response prioritized system integrity assessments and reactive threat management while continuing to serve patients through modified operational protocols during the disruption.