Cayuga Medical Center Suffers Cyberattack, Operations Temporarily Disrupted
A cyberattack targeting Cayuga Medical Center (CMC) on Tuesday evening, February 19, 2025, temporarily disrupted hospital operations. The incident led to the temporary pausing of emergency room admissions and the rerouting of ambulances to other facilities.
The Cyberattack and its Impact
The attempted cyberattack began Tuesday evening. It significantly impacted CMC’s computer systems, prompting a temporary diversion order around 8 p.m. This order lasted until approximately 10:45 p.m. During this period, ambulances were redirected to other hospitals, such as a facility in Cortland. One patient slated for transfer was moved to another hospital, but this was unrelated to the system shutdown.
According to CMC spokesperson Melissa Tourtellotte, the hospital was in “recovery mode” by 11:30 p.m. While new patients could be admitted, and ambulance rerouting ceased, some systems remained offline.
“There was an attempted cyber attack earlier [Tuesday] evening,” Tourtellotte stated. “We isolated systems as we assessed the situation. […] We are in recovery now and all systems are expected to be back online later [Tuesday] night.”
Patients waiting in the emergency room described a chaotic scene, with staff resorting to manual, paper-based check-in procedures. Some patients, frustrated by the wait, left before being admitted. Critically, patients experiencing strokes or STEMI (ST-elevation myocardial infarction, or heart attack) were diverted, as mandated by state regulations during such outages.
The hospital successfully mitigated the cyberattack, preventing a full system breach. By Wednesday morning, CMC was fully operational. A hospital official confirmed the cyberattack was unsuccessful in penetrating the hospital’s system, despite the resulting operational difficulties. The nature of the cyberattack and its motives remain unclear.
