Cyber Incident Victim: Margaretville Hospital
Date:
Oct 2023
Location:
United States of America
Summary
A cyberattack impacted HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center, disrupting IT systems and prompting patient transfers, discharges, and ambulance diversions to other facilities within the WMCHealth Network. The organization proactively notified state and county health departments, engaged law enforcement including the FBI, and partnered with a cybersecurity firm to investigate the scope and restore systems. All connected IT systems were scheduled for a 24-hour shutdown followed by a phased restoration over the weekend, while walk-in patients continued to receive assessment and stabilization before potential transfer. The incident caused significant operational disruptions but maintained patient safety as the primary focus throughout the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 19, 2023, Westchester Medical Center Health Network (WMCHealth) publicly confirmed a cyberattack impacting HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center. The attack compromised IT systems, prompting immediate collaboration with law enforcement agencies including the FBI, a third-party cybersecurity firm, and notifications to the New York State Department of Health alongside Ulster and Delaware County officials. Within hours of discovery, WMCHealth initiated emergency protocols prioritizing patient safety, including diverting ambulances from HealthAlliance Hospital to neighboring facilities and transferring or discharging all inpatients. By Thursday evening, twelve HealthAlliance inpatients had been relocated—either discharged home or transferred to other WMCHealth Network hospitals such as Northern Dutchess Hospital in Rhinebeck, with Kingston Fire Department and Empress Ambulance Service assisting transports. Ulster County Executive Jen Metzger acknowledged the severity of the incident during a press event, describing the cyberattack as "terrifying" while awaiting further updates from emergency services.
WMCHealth announced a planned system-wide IT shutdown starting at 10 p.m. on October 20 to contain the threat and facilitate network restoration. All connected systems across the three affected facilities were expected to remain offline for approximately 24 hours, followed by a phased reactivation extending through the weekend. Despite the shutdown, HealthAlliance Hospital remained open to walk-in patients, who would be triaged, stabilized, and either released or transferred to other network facilities if necessary. The organization emphasized proactive communication with local EMS providers, regional hospitals, elected officials, health regulators, and patients’ families regarding service disruptions. No specifics about the attack vector, data compromise, or threat actor were disclosed, as the investigation into the scope and impacted systems remained ongoing. WMCHealth expressed regret for operational disruptions and committed to providing further community updates as restoration progressed.