Cyber Incident Victim: Watsonville Community Hospital
Date:
Nov 2024
Location:
United States of America
Summary
Watsonville Community Hospital experienced a cyberattack causing a network outage that disrupted electronic health records, prescription systems, and internet connectivity for over a week, forcing staff to rely on paper-based operations. The incident delayed emergency services due to manual processing of X-ray and lab requests, requiring additional personnel to hand-deliver orders, though normal operations have since resumed. Third-party investigators are still determining the attack type and whether personal data was compromised, while the hospital has integrated paper records collected during the outage into its restored electronic systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Watsonville Community Hospital experienced a significant disruption to its IT systems beginning November 29, 2024, when a cyberattack forced a network outage lasting more than eight days. Hospital spokesperson Nancy Gere confirmed the incident caused a complete shutdown of internet connectivity and critical electronic systems, including those managing patient charts and prescription notifications. Staff immediately reverted to manual paper-based operations for all clinical and administrative functions, maintaining essential services despite operational challenges. The hospital engaged third-party IT specialists to investigate the nature and scope of the attack, though Gere stated the specific type of cyber intrusion remained unidentified as of the restoration date. IT systems were gradually reactivated over several days preceding November 29, with electronic health records subsequently updated to incorporate data manually recorded during the outage. Emergency services faced particular strain during the disruption, as X-ray and lab order processing required physical delivery of requests between departments, necessitating additional staffing to mitigate delays. By November 29, emergency operations had resumed normal functionality alongside the broader network restoration.
The cyberattack's operational impacts included prolonged procedural delays across multiple departments, with staff adapting workflows to accommodate paper-based documentation and communication. Gere acknowledged patient inconvenience caused by slower service delivery but noted widespread public patience throughout the incident. No determination regarding potential compromise of personal information had been reached by investigators at the time of reporting, with forensic analysis continuing post-recovery. Hospital administration emphasized gratitude toward both patients and staff for maintaining care standards under exceptional circumstances, while refraining from disclosing technical details of the attack vector or remediation measures beyond confirming system restoration. Ongoing investigation activities focused on establishing attack attribution, data exposure risks, and infrastructure vulnerabilities without providing public timelines for conclusions.