Heywood Medical Breach Affects Entire IT Network & Both Hospitals

Heywood Medical Group, along with Heywood Hospital and Athol Hospital, experienced a major cyberattack. The incident began the morning of Oct. 12, 2025, and caused Heywood Hospital initiate a Code Black diversion. Athol Hospital then proceeded to experienced a network outage on Oct. 13, 2025, causing ambulance diversions at both hospitals.

The data breach affected the entire Heywood Medical Group IT infrastructure. The attack disrupted a wide range of services, including radiology and laboratory operations, email, and phone communications. An update posted on the Heywood Hospital Facebook page on Oct. 16, 2025 stated that cybersecurity response protocols had been initiated, however certain systems still remained unavailable. According to a report from HealthcareInfoSecurity, the attack caused significant operational disruption.

This type of cyberattack may have compromised both personal and protected health information belonging to thousands of Heywood Medical Group and hospital patients. Exposed data may include names, contact information, dates of birth, Social Security numbers, driver's license or state ID copies, health insurance information, detailed medical information and records and payment information.

Heywood Medical Group's response

As of this writing, the full scope of the breach, including the number of individuals affected, the specific data exposed, and whether ransomware or data exfiltration was involved, has not been publicly disclosed. Heywood is working with third-party cybersecurity experts to restore functionality and assess the situation.

The medical group will work to identify and notify affected patients and employees, in addition to making required state and federal data breach disclosures.

If you believe your personal and protected health information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Heywood Medical Group, one of its hospitals or your provider.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

For more information about the healthcare organization, visit the Heywood Medical Group website.