Cyberattack continues to disrupt operations at Signature Healthcare

Signature Healthcare and Signature Healthcare Brockton Hospital are still recovering from a cyberattack that affected its information systems and forced it to divert ambulances. A Signature Healthcare spokesperson told local news outlets that it would continue running its downtime procedures for the next two weeks, with providers working off paper as EHR systems remain down. 

The incident began on April 6, when the Massachusetts health system first discovered suspicious activity within certain information systems. It immediately activated downtime procedures as a precaution.  

In its latest update, posted on its website on April 10, Signature Healthcare said that ambulance traffic was still being diverted, and retail pharmacies remained open for consultation but were unable to fill prescriptions.  

Signature Healthcare's patient portal system remains unavailable, lab work is continuing at a delayed pace and providers are currently unable to fulfill requests for medical records. However, chemotherapy infusion services have resumed and surgeries and procedures are continuing as scheduled. 

Anubis, a Ransomware-as-a-Service (RaaS) group, has reportedly claimed responsibility for the attack. The RaaS group claims to have two terabytes of stolen data and is presumably using it to pressure Signature Healthcare into paying a ransom. 

"First observed in late 2024, Anubis quickly drew attention on underground forums not because of scale, but because of intent," a January 2026 blog post about Anubis by cybersecurity company SOCRadar stated.  

"The operation positions encryption, data theft, access resale, and data destruction as interchangeable tools rather than sequential steps. This flexibility reshapes both the attacker's leverage and the defender's response priorities." 

A defining feature of Anubis, SOCRadar said, is its "wipe mode" capability, which allows it to overwrite files rather than encrypting them, thus enabling permanent data loss. 

"This capability removes the possibility of recovery even if a ransom is paid. The inclusion of a wiper option positions Anubis closer to destructive malware than traditional ransomware and significantly escalates operational risk for victims," the post noted. 

Signature Healthcare has not commented on Anubis or any specific cyberattack details. 

Jill Hughes has covered health tech news since 2021.