Cyber Incident Victim: Mountainside Residential Care Center
Date:
Oct 2023
Location:
United States of America
Summary
A cyberattack impacted IT systems at a healthcare network including Mountainside Residential Care Center and affiliated hospitals, prompting patient transfers and discharges as a precautionary measure. The organization diverted ambulances to other facilities while maintaining emergency walk-in services with potential stabilization and transfers. All connected systems were temporarily shut down for approximately 24 hours followed by phased restoration efforts. Law enforcement including the FBI and a third-party cybersecurity firm assisted in investigating the attack's scope, with notifications made to state health departments, county officials, EMS providers, and patients' families during the ongoing response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or before October 19, 2023, the Westchester Medical Center Health Network (WMCHealth) discovered a cyberattack impacting HealthAlliance Hospital in Kingston, Margaretville Hospital, and Mountainside Residential Care Center. The attack compromised IT systems across these facilities, prompting immediate notification to the New York State Department of Health, Ulster and Delaware County officials, law enforcement including the FBI, and engagement of a third-party cybersecurity firm to investigate the scope and impacted systems. By October 19, WMCHealth initiated emergency protocols prioritizing patient safety, including discharging or transferring all HealthAlliance Hospital inpatients—12 of whom were moved that day—to other network hospitals like Northern Dutchess Hospital in Rhinebeck. Ambulances were diverted from HealthAlliance to nearby facilities, though walk-in patients continued to be assessed, stabilized, and transferred if necessary. Kingston Fire Department and Empress Ambulance Service assisted patient transfers, while Ulster County Executive Jen Metzger acknowledged delayed awareness of the patient relocation during a late Thursday press event, calling the attack "terrifying."
To contain the threat, WMCHealth scheduled a full shutdown of all connected IT systems at the three facilities starting at 10 p.m. on October 20, anticipating a 24-hour outage followed by a rolling restoration expected to extend through the weekend. The network emphasized proactive communication with local EMS operators, affected medical facilities, elected officials, and patients’ families regarding service disruptions. No ransomware or specific attacker details were disclosed, and the investigation remained ongoing as of the last update. Operational impacts included prolonged system downtime, patient transfers across the network, and temporary loss of ambulance services to HealthAlliance Hospital, though emergency care for walk-ins continued under modified protocols. WMCHealth committed to resolving the incident swiftly and providing further community updates as restoration progressed.