
By Dr. Srinivas Mukkamala, CEO, Securin.
When a hospital’s techniques go darkish, the hazard doesn’t keep within the server room. It strikes to the bedside.
That’s not a hypothetical. Current menace intelligence discovered that healthcare organizations skilled a cyberattack roughly each 10 hours between January 2025 and February 2026 — the best incident charge of any sector analyzed. Ransomware alone accounted for almost 60% of these assaults.
HBO’s “The Pitt” dramatizes precisely what that appears like in observe. When two close by hospitals are hit by a cyberattack, the fictional Pittsburgh Trauma Medical Middle shuts down its linked techniques to include the menace. The digital affected person board goes darkish. Medical doctors revert to paper charts. Remedy orders are delayed, lab outcomes go lacking, and clinicians are left making time-sensitive choices with out the affected person histories they rely upon. A missed life-threatening prognosis follows.
The present is fiction. The operational threat it depicts will not be.
Downtime Is a Affected person Security Downside
Healthcare has turn out to be a lovely goal as a result of disruption creates quick strain. Attackers perceive that hospitals rely upon steady entry to knowledge, techniques and linked gadgets. Additionally they perceive that downtime can have an effect on affected person circulate, procedures, pharmacy operations, lab ordering and scientific decision-making.
The healthcare menace intelligence report describes healthcare as a sector with “life-or-death operational dependency,” high-value protected well being info, persistent safety underinvestment and sophisticated legacy infrastructure. That mixture makes hospitals susceptible to assaults that have an effect on each knowledge safety and care supply.
When techniques go down, the results ripple throughout the group. Ambulances could also be diverted, procedures could also be delayed or canceled, pharmacy techniques might turn out to be unavailable and clinicians might lose entry to digital well being information, prior diagnoses, treatment histories, allergic reactions and take a look at outcomes.
In a hospital, these are the foundations of protected, coordinated care. Cyber threats, due to this fact, carry higher threat than routine workflow interruptions.
“The Pitt” illustrates this dynamic by specializing in the mechanics of downtime. The strain comes from clinicians attempting to work with out the data and processes they usually depend on. Paper charts substitute digital information. Verbal handoffs substitute system visibility. Guide steps substitute automated safeguards.
That is the place healthcare leaders can focus their efforts. One takeaway from the present will not be that hospitals ought to worry a dramatic ransomware state of affairs. The lesson is that downtime readiness should be handled as a part of affected person security planning.
The Weak Factors Are Usually Acquainted
Attackers don’t want sophistication, they want a gap. In healthcare, these openings are not often unique. The most typical entry level is authentication bypass: flaws that allow attackers attain privileged techniques with out correct credentials. In an surroundings the place dozens of platforms, distributors, contractors and gadgets all want entry to maintain care transferring, that threat compounds rapidly.
The sample that follows is predictable. A weak spot in a single layer – an unpatched distant entry portal, an missed vendor credential, a identified vulnerability that by no means obtained remediated – creates a failure someplace else totally. Lab ordering goes down. Pharmacy techniques turn out to be unavailable. Imaging entry disappears. What started as a safety incident turns into a scientific one.
Each tracked vulnerability in our evaluation appeared within the CISA Identified Exploited Vulnerabilities catalog. Securin’s newest healthcare menace report makes the implication arduous to disregard: the sector is overwhelmingly uncovered to vulnerabilities we already know the way to repair. That’s not a useful resource downside, it’s a prioritization one. Attackers observe the trail of least resistance, and identified, unpatched vulnerabilities stay beneficial exactly as a result of they persist in operational environments lengthy after they’re publicly disclosed.
The report additionally discovered that many healthcare organizations, underneath strain to revive operations rapidly, proceed to pay ransoms. That calculus is comprehensible in the meanwhile, but it surely funds the subsequent assault. Healthcare’s mixture of operational urgency and persistent safety underinvestment has made it essentially the most reliably worthwhile sector for ransomware operators.
Cyber Resilience Has to Embrace Scientific Downtime
Stopping intrusions issues, but it surely’s not sufficient. The more durable query for healthcare leaders is that this: when vital techniques turn out to be unavailable, can your hospital maintain delivering care safely?
That query exposes a spot in how most organizations take into consideration cyber threat. Safety controls reside within the IT division. Downtime procedures, in the event that they exist, typically reside in a binder someplace. However the penalties of a cyberattack play out within the ED, the pharmacy, the lab and the OR. Resilience planning has to replicate that.
The vulnerabilities probably to trigger hospital-wide disruption are well-known: internet-facing techniques, distant entry instruments, identification and authentication platforms, and administrative interfaces. Addressing these isn’t glamorous work, however leaving them unpatched whereas investing in additional refined defenses is like reinforcing the roof whereas leaving the entrance door open.
Operationally, the hole between safety and care supply has to shut. Downtime procedures ought to be practiced with the individuals who really ship care – clinicians, nurses, pharmacists, lab groups – not simply examined in an IT tabletop train. Groups must know the way to place paper orders, reconcile medicines, monitor sufferers and hand off info safely when digital techniques aren’t out there. When techniques come again on-line, the method of restoring and reconciling that info carries its personal dangers.
The Bedside Is Now A part of the Cyber Threat Mannequin
Essentially the most horrifying moments in “The Pitt” will not be the assault itself. They’re the human ones that observe: a lacking affected person historical past, a delayed treatment order, a clinician making a life-or-death determination with incomplete info. The present resonates as a result of it understands one thing that healthcare safety groups have been attempting to speak for years – that in a hospital, a cyber incident isn’t simply an IT downside.
Healthcare leaders can’t assume each assault will probably be prevented. The menace intelligence is just too constant, the assault floor too broad and the incentives for attackers too sturdy. However prevention is just half the mandate. The opposite half is guaranteeing that when techniques fail -and some will – care groups can maintain sufferers protected anyway.
That requires safety fundamentals: closing the identified vulnerabilities attackers are already exploiting, imposing stronger entry controls, segmenting networks so one compromised system doesn’t turn out to be a hospital-wide disaster. It additionally requires one thing more durable to operationalize – a real integration of cyber resilience into affected person security planning, examined with the individuals who ship care, not simply the individuals who handle infrastructure.
When linked techniques go darkish in a hospital, the results transfer quick. A missed prognosis. A misplaced order. A foul handoff. The hole between a cyber incident and a affected person security occasion can shut in minutes.
Construct resilience like that’s true. As a result of it’s.
