On approximately 7 April 2026, a Massachusetts healthcare system disclosed it was experiencing a cyberattack that forced the organisation to divert ambulance patients to other facilities and operate under full downtime procedures. The healthcare system’s clinical and administrative IT systems were taken offline as a containment measure. Downtime procedures — the reversion to paper-based workflows for patient care documentation, medication ordering, and clinical decision-making — indicate a significant disruption to the EHR and hospital information systems. Ambulance diversion is among the most serious patient safety impacts of healthcare cyberattacks, as critically ill patients may require transport to more distant facilities, potentially worsening outcomes in time-sensitive conditions such as stroke or cardiac arrest. The healthcare organisation was working with cybersecurity firms and law enforcement to investigate and restore systems. The incident occurred on the same day (7 April 2026) as the ChipSoft Netherlands hospitals ransomware attack, illustrating the continued and intensifying targeting of healthcare infrastructure globally. The full identity of the Massachusetts healthcare system and the specific threat actor responsible had not been publicly confirmed at time of initial reporting. Massachusetts has been disproportionately affected by healthcare ransomware attacks given its concentration of major academic medical centers and community hospitals. This incident adds to a pattern of 2026 healthcare sector attacks that include Frederick Health (January), Kettering Health (May 2025), and numerous others.