Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreic4ucju2ddfylavc3vr2tbss3co33c7ejemapqxlv2ocpybvwcohe",
    "uri": "at://did:plc:3mf3ql5qtnfwownblde4355r/app.bsky.feed.post/3mkkiqh73u3s2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifcvvcdqxtzgmvmh4lehkfc2hndgznr65adf4gomil55xeroezb3m"
    },
    "mimeType": "image/webp",
    "size": 147108
  },
  "description": "The Grand Rapids-area provider says clinics remain open, but organizationwide technology issues have disrupted phones.",
  "path": "/cherry-health-cyberattack-michigan/",
  "publishedAt": "2026-04-28T11:38:46.000Z",
  "site": "https://dysruptionhub.com",
  "tags": [
    "reported",
    "Mile Bluff Medical Center",
    "Minidoka Memorial Hospital",
    "Signature Healthcare",
    "Gritman Medical Center",
    "Kent District Library",
    "Goodwill of Greater Grand Rapids"
  ],
  "textContent": "Cherry Health, a Grand Rapids, Michigan-based health care provider, is working through a systemwide technology outage that has disrupted its phone system, raising questions about a possible cybersecurity incident.\n\nCherry Health said it is “currently experiencing technology issues across Cherry Health, including our phone system,” while clinics remain open for scheduled visits. The organization has not publicly confirmed ransomware or said whether patient data was affected.\n\nA notice on Cherry Health’s website says the organization is experiencing technology issues, including its phone system, while clinics remain open for scheduled visits. (Cherry Health)\n\nCherry Health’s public notice describes organizationwide technology issues, including its phone system, rather than an isolated outage. The scope is similar to other health care outages later identified as cyber incidents, though Cherry Health has not publicly described the cause.\n\nA person who works at Cherry Health said the organization is experiencing another ransomware attack, speaking on condition of anonymity because they were not authorized to discuss the outage. DysruptionHub could not independently confirm the claim, and Cherry Health has not publicly described the cause.\n\nThe current outage comes after Cherry Health’s legal entity reported a ransomware incident in late 2023. A Maine attorney general filing said the Dec. 21 breach affected 184,372 people and was discovered three days later.\n\nThe Record reported in April 2024 that the 2023 incident exposed personal data, including financial information, but that Cherry Health did not name a ransomware group.\n\n****Chip in once****\nIf this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.\n\nTip us\n\n****Support us monthly****\nA small monthly pledge keeps independent coverage and our reader tools online for everyone.\n\nBecome a Supporter\n\nCherry Health is a Grand Rapids-based community health provider that offers primary care, dental, behavioral health, vision, pharmacy and other services at more than 20 locations across several counties.\n\nThe organization says it serves more than 70,000 patients a year regardless of insurance status or ability to pay. It has said scheduled visits are continuing, but has not detailed whether patient portals, medical records, billing, prescriptions or referrals are affected.\n\nThe possible cyberattack comes during a spring wave of health care disruptions, including incidents at Mile Bluff Medical Center in Wisconsin, Minidoka Memorial Hospital in Idaho, Signature Healthcare in Massachusetts and Gritman Medical Center clinics in Idaho. Providers in those cases reported outages affecting phones, computer systems, imaging access, ambulance routing or paper-record workflows while care continued.\n\nIt also follows other recent disruptions in the Grand Rapids area. Kent District Library said ransomware closed some branches in April, and Goodwill of Greater Grand Rapids was tied in March to an Interlock ransomware claim after point-of-sale problems forced stores to accept cash-only purchases. No connection among the incidents has been reported.\n\nCherry Health has not said what caused the outage, when full service will be restored or whether patient data was exposed. Those answers will determine whether the incident remains an operational disruption or becomes the organization’s second major cyber event in less than two years.\n\n****Attribution note:**** DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.",
  "title": "Cherry Health outage in Michigan investigated as possible cyberattack",
  "updatedAt": "2026-04-28T11:50:44.190Z"
}