Cyber Incident Victim: Westchester Medical Center Health Network
Date:
Oct 2023
Location:
United States of America
Summary
Westchester Medical Center Health Network experienced a cyberattack impacting IT systems across HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, prompting patient transfers, discharges, and ambulance diversions to other network facilities. The network initiated system-wide shutdowns to restore secure operations, collaborating with law enforcement including the FBI, a third-party cybersecurity firm, and state health authorities during the ongoing investigation. While emergency walk-in care continued with assessments and stabilizations, all connected systems remained offline for restoration over multiple days, with patient safety and community communication prioritized throughout the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 19, 2023, Westchester Medical Center Health Network (WMCHealth) confirmed a cyberattack impacting HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center. The attack compromised IT systems, prompting immediate notification to the New York State Department of Health, Ulster and Delaware County officials, the FBI, and engagement of a third-party cybersecurity firm to investigate the scope and impacted systems. WMCHealth initiated emergency protocols including discharging or transferring all HealthAlliance Hospital inpatients, with a dozen patients moved or discharged on October 19 alone. Ambulances were diverted to other network facilities or nearby hospitals such as Northern Dutchess Hospital in Rhinebeck, though walk-in patients continued to be assessed at HealthAlliance with stabilization and transfers as needed. Ulster County Executive Jen Metzger acknowledged the county’s emergency services director was coordinating updates, calling the attack "terrifying" while noting initial unawareness of patient transfer decisions.
WMCHealth announced a planned shutdown of all connected IT systems across the three facilities starting at 10 p.m. on October 20, anticipating 24 hours of downtime followed by a rolling restoration expected to extend through the weekend. The network emphasized patient safety as the primary motive for preemptive measures, including maintained communication with EMS operators, regional medical facilities, elected officials, and patients’ families. While Margaretville Hospital and Mountainside Residential Care Center faced identical IT disruptions, specific operational impacts beyond HealthAlliance’s inpatient transfers weren’t detailed. No ransomware specifics or data compromise claims were disclosed, with the investigation remaining ongoing. The organization reiterated commitments to resolving the issue promptly and providing community updates, though no restoration completion date or attacker attribution was confirmed.