A ransomware gang called Sinobi today took credit for a cyber attack on Heywood Healthcare in Massachusetts.
Last month, Heywood said a cyber attack forced IT systems offline at both of the provider’s locations: Heywood Hospital in Gardner and Athol Hospital in Athol.
In a post on its data leak site, Sinobi claimed responsibility for the attack and said it stole 550 GB of data from Heywood. It demanded Heywood pay an undisclosed amount in ransom.
Heywood has not verified Sinobi’s claim. We do not know how many people are affected by the breach, what data was compromised, how attackers breached Heywood’s network, if Heywood paid a ransom, or how much Sinobi demanded. Comparitech contacted Heywood for comment and will update this article if it replies.
Heywood says the attack started on October 12 and that most services resumed by October 31.
“At this point, we have resumed most of our services, including outpatient lab (now open to walk-ins), radiology, clinics, and inpatient units, which are all back on network and on EHR. There are a small number of departments that are not yet fully restored, but we are working diligently to address those areas,” says Heywood’s October 31 post on Facebook.
Who is Sinobi?
Sinobi is a ransomware gang whose malware both locks down computer systems and steals data. It then extorts ransoms from victims to restore systems and destroy the stolen data. Sinobi operates a ransomware-as-a-service scheme in which affiliates pay to use Sinobi’s malware and infrastructure to launch attacks and collect ransoms.
Sinobi first started listing targeted organizations on its data leak site in July 2025. Since then, it’s claimed responsibility for 127 attacks, six of which were acknowledged by the targeted organizations.
Four out of those six confirmed attacks hit healthcare-related companies. In addition to Heywood, they include:
- Pittsburgh Gastroenterology Associates (August 2025)
- Central Jersey Medical Center (August 2025)
- Ever Care Corporation d/b/a Right at Home (September 2025)
Additionally, 16 of Sinobi’s unconfirmed claims involve healthcare providers.
Ransomware attacks on US healthcare
In 2025 to date, Comparitech researchers have logged 75 confirmed ransomware attacks on US healthcare providers, compromising nearly 7.6 million records. The average ransom demand is $495,000.
Other such recently confirmed attacks include:
- Family Health West (CO) reported an October 2025 data breach claimed by Devman
- Crenshaw Community Hospital (AL) reported a June 2025 data breach claimed by Payouts King
- Aunt Martha’s Health and Wellness (IL) says it refused to pay a ransom to unknown attackers in August 2025
Ransomware attacks on US hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and increased risk to patients and staff. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Heywood Healthcare
Heywood Healthcare is an independent, community-owned healthcare system serving North Central Massachusetts and Southern New Hampshire. It has two locations: a 134-bed hospital in Gardner, MA, and a 25-bed hospital in Athol, MA.