Hospital Cyberattacks Are A Patient Safety Problem

By Dr. Srinivas Mukkamala, CEO, Securin.

When a hospital’s systems go dark, the danger doesn’t stay in the server room. It moves to the bedside.

That’s not a hypothetical. Recent threat intelligence found that healthcare organizations experienced a cyberattack roughly every 10 hours between January 2025 and February 2026 — the highest incident rate of any sector analyzed. Ransomware alone accounted for nearly 60% of those attacks.

HBO’s “The Pitt” dramatizes exactly what that looks like in practice. When two nearby hospitals are hit by a cyberattack, the fictional Pittsburgh Trauma Medical Center shuts down its connected systems to contain the threat. The digital patient board goes dark. Doctors revert to paper charts. Medication orders are delayed, lab results go missing, and clinicians are left making time-sensitive decisions without the patient histories they depend on. A missed life-threatening diagnosis follows.

The show is fiction. The operational risk it depicts is not.

Downtime Is a Patient Safety Problem

Healthcare has become an attractive target because disruption creates immediate pressure. Attackers understand that hospitals depend on continuous access to data, systems and connected devices. They also understand that downtime can affect patient flow, procedures, pharmacy operations, lab ordering and clinical decision-making.

The healthcare threat intelligence report describes healthcare as a sector with “life-or-death operational dependency,” high-value protected health information, chronic security underinvestment and complex legacy infrastructure. That combination makes hospitals vulnerable to attacks that affect both data security and care delivery.

When systems go down, the effects ripple across the organization. Ambulances may be diverted, procedures may be delayed or canceled, pharmacy systems may become unavailable and clinicians may lose access to electronic health records, prior diagnoses, medication histories, allergies and test results.

In a hospital, those are the foundations of safe, coordinated care. Cyber threats, therefore, carry greater risk than routine workflow interruptions.

“The Pitt” illustrates this dynamic by focusing on the mechanics of downtime. The tension comes from clinicians trying to work without the information and processes they normally rely on. Paper charts replace digital records. Verbal handoffs replace system visibility. Manual steps replace automated safeguards.

This is where healthcare leaders can focus their efforts. The takeaway from the show is not that hospitals should fear a dramatic ransomware scenario. The lesson is that downtime readiness must be treated as part of patient safety planning.

The Weak Points Are Often Familiar

Attackers don’t need sophistication; they need an opening. In healthcare, those openings are rarely exotic. The most common entry point is authentication bypass: flaws that let attackers reach privileged systems without proper credentials. In an environment where dozens of platforms, vendors, contractors and devices all need access to keep care moving, that risk compounds quickly.

The pattern that follows is predictable. A weakness in one layer – an unpatched remote access portal, an overlooked vendor credential, a known vulnerability that never got remediated – creates a failure somewhere else entirely. Lab ordering goes down. Pharmacy systems become unavailable. Imaging access disappears. What began as a security incident becomes a clinical one.

Every tracked vulnerability in our analysis appeared in the CISA Known Exploited Vulnerabilities catalog. Securin’s latest healthcare threat report makes the implication hard to ignore: the sector is overwhelmingly exposed to vulnerabilities we already know how to fix. That’s not a resource problem; it’s a prioritization one. Attackers follow the path of least resistance, and known, unpatched vulnerabilities remain valuable precisely because they persist in operational environments long after they’re publicly disclosed.

The report also found that many healthcare organizations, under pressure to restore operations quickly, continue to pay ransoms. That calculus is understandable in the moment, but it funds the next attack. Healthcare’s combination of operational urgency and chronic security underinvestment has made it the most reliably profitable sector for ransomware operators.

Cyber Resilience Has to Include Clinical Downtime

Preventing intrusions matters, but it’s not enough. The harder question for healthcare leaders is this: when critical systems become unavailable, can your hospital keep delivering care safely?

That question exposes a gap in how most organizations think about cyber risk. Security controls live in the IT department. Downtime procedures, if they exist, often live in a binder somewhere. But the consequences of a cyberattack play out in the ED, the pharmacy, the lab and the OR. Resilience planning has to reflect that.

The vulnerabilities most likely to cause hospital-wide disruption are well known: internet-facing systems, remote access tools, identity and authentication platforms, and administrative interfaces. Addressing those isn’t glamorous work, but leaving them unpatched while investing in more sophisticated defenses is like reinforcing the roof while leaving the front door open.

Operationally, the gap between security and care delivery has to close. Downtime procedures should be practiced with the people who actually deliver care – clinicians, nurses, pharmacists, lab teams – not just tested in an IT tabletop exercise. Teams need to know how to place paper orders, reconcile medications, track patients and hand off information safely when digital systems aren’t available. When systems come back online, the process of restoring and reconciling that information carries its own risks.

The Bedside Is Now Part of the Cyber Risk Model

The most frightening moments in “The Pitt” are not the attack itself. They are the human ones that follow: a missing patient history, a delayed medication order, a clinician making a life-or-death decision with incomplete information. The show resonates because it understands something that healthcare security teams have been trying to communicate for years – that in a hospital, a cyber incident is never just an IT problem.

Healthcare leaders cannot assume every attack will be prevented. The threat intelligence is too consistent, the attack surface too broad and the incentives for attackers too strong. But prevention is only half the mandate. The other half is ensuring that when systems fail – and some will – care teams can keep patients safe anyway.

That requires security fundamentals: closing the known vulnerabilities attackers are already exploiting, enforcing stronger access controls, segmenting networks so one compromised system doesn’t become a hospital-wide crisis. It also requires something harder to operationalize – a genuine integration of cyber resilience into patient safety planning, tested with the people who deliver care, not just the people who manage infrastructure.

When connected systems go dark in a hospital, the consequences move fast. A missed diagnosis. A lost order. A bad handoff. The gap between a cyber incident and a patient safety event can close in minutes.

Build resilience like that’s true. Because it is.