TP-2026-0048 high AI Draft C

Patriot Regional Emergency Communications Center Cyberattack

Date April 1, 2026
Attack Type disruption Sector Government / Emergency Services
Geography United States (Massachusetts)
Threat Actor Unknown
Attribution A4
Confidence C

Summary

The Patriot Regional Emergency Communications Center (PRECC) in Pepperell, Massachusetts disclosed a cyberattack that disrupted town and public-safety computer systems serving several northern Massachusetts communities. Public reporting said the incident affected non-emergency and business phone lines, while 9-1-1 service remained operational on separate infrastructure.

The affected regional hub supports emergency communications for Pepperell and other member towns, including Ashby, Dunstable, Groton, and Townsend. Officials said they engaged outside cybersecurity specialists, their insurance provider, and state and federal law enforcement partners after learning of the attack. Public reporting also noted that experts were still determining whether any information had been accessed or stolen.

Technical Analysis

What is publicly confirmed is limited but clear: the incident affected town and public-safety computer systems and took non-emergency and business phone lines offline. Boston 25 and The Record both reported that officials first learned of the issue early Tuesday morning, and GovTech reported that some towns disabled system connections to PRECC after the breach notice.

Public reporting did not identify the exact intrusion vector, malware family, or root cause. The Record noted that the PRECC environment is linked to CodeRED, an emergency notification service that had its own November 2025 cyber incident at parent company Crisis24. That relationship is relevant context, but the available reporting does not establish that the PRECC intrusion was caused by the earlier CodeRED breach or by reuse of any Crisis24-exposed credentials.

Attack Chain

Stage 1: Cyberattack Discovered at PRECC

Officials in member towns said PRECC and local public-safety teams became aware of the cyberattack early on Tuesday, March 31, 2026.

Stage 2: Communications Systems Disrupted

The intrusion affected town and public-safety computer systems and caused non-emergency and business phone lines to go out of service across multiple departments and towns.

Stage 3: Segmented 9-1-1 Infrastructure Holds

Despite the disruption, officials said 9-1-1 services continued operating. Public reporting attributed that continuity to separate emergency infrastructure rather than full service recovery across the entire environment.

Stage 4: Containment and Workarounds

Affected towns said they engaged outside cybersecurity specialists and law-enforcement partners, while some agencies disabled connections to PRECC and shifted communications to mutual-aid channels, radio, and alternate phone-routing procedures.

Impact Assessment

The operational impact fell on non-emergency and business communications for police, fire, and EMS departments tied to PRECC. GovTech reported service disruption in Pepperell, Dunstable, Townsend, Ashby, and Groton, with Townsend restoring some affected lines sooner than the others.

The incident did not shut down emergency dispatch entirely, but it reduced resilience across the broader public-safety environment. When a regional communications center loses non-emergency and administrative channels, agencies still have to absorb call-routing changes, backup procedures, and coordination overhead during the response period.

Attribution

No public source reviewed for this rewrite identified the responsible threat actor, attack origin, or a confirmed malware family. GovTech explicitly reported that town officials did not indicate where the attack originated or what type of attack it was.

The prior November 2025 CodeRED and Crisis24 incident remains context rather than attribution evidence for the April 2026 PRECC disruption. The safer public posture is therefore to keep attribution at Unknown and avoid treating the earlier vendor breach as a proven parent cause.

Timeline

2026-03-31 — PRECC and member towns discover the intrusion

Town officials said they first became aware of the cyberattack early Tuesday morning.

2026-04-01 — Pepperell discloses the cyberattack publicly

Boston 25 reported that Pepperell officials said the cyberattack affected public-safety computer systems while 9-1-1 service continued operating normally.

2026-04-02 — Regional impact across multiple towns is reported

GovTech reported disruption in Pepperell, Dunstable, Townsend, Ashby, and Groton, and said some towns disabled connections to PRECC while response and restoration work continued.

2026-04-03 — The Record reports federal-law-enforcement notification

The Record said federal law enforcement had been notified and that investigators were still determining whether any information had been accessed or stolen.

Remediation & Mitigation

  1. Keep 9-1-1 services isolated from administrative and non-emergency communications infrastructure.
  2. Disable or segment affected regional-center connections during active incident response, as Dunstable reported doing.
  3. Use alternate numbers, mutual-aid channels, and radio procedures for non-emergency operations until service is restored.
  4. Review authentication, connectivity, and vendor exposure around linked emergency-notification platforms such as CodeRED without assuming they were the attack path.
  5. Preserve logs and system state for joint review by outside responders and state or federal law-enforcement partners.

Sources & References

emergency-servicesgovernmentmassachusettspublic-safetyservice-disruptioncoderedcrisis24