
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

Dark Reading, archived Apr 02, 2026

A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages.

Arielle Waldman, Features Writer, Dark Reading
April 1, 2026

RSAC 2026 CONFERENCE — San Francisco — Joseph Izzo, chief medical information officer for San Joaquin General Hospital, received ransomware training during a downtime period. He practiced responding and maintaining patient care when the facility is forced to operate offline. But when the hospital he was working at was actually hit with ransomware, he realized very quickly how "different it was under pressure."

Izzo shared his story at RSAC 2026 Conference and provided key incident response (IR) recommendations for healthcare organizations, a sector frequently targeted by ransomware gangs due to highly sensitive information. Ransomware doesn't always cripple hospitals, but partial attacks happen frequently, Izzo explained. A rapid response is necessary either way when serving a vulnerable population.

Recommendations ranged from identity protection to being prepared to operate with pen and paper in a digital world. Preparation is what really "makes the difference" when healthcare facilities are trying to get past a ransomware incident, Izzo emphasized.

Prep When Digital Tools Fail

Hospitals rely heavily on digital tools—for many healthcare professionals and Izzo, that's all they know. Patients wear barcoded wristbands for identity verification. Electronic Medical Records (EMR) list patients' allergies, medical history, potential drug interactions, and other pertinent records.

During a ransomware incident, all these systems shut down. When systems break down, data becomes fragmented. Healthcare staff may ask patients about their medical history, but it's "not a fair ask," and self-reporting can be unreliable, Izzo said. The fact that communications between other doctors, pharmacies, or hospitals may be compromised or insecure only adds to the challenges. Even fax machines could be offline.

Medications prescribed and procedures performed during this time of incomplete information carry more risks for the patient, added Izzo. This could lead to potentially substandard care, he warned.

"Care relies on the entire picture, not just a snapshot in front of you," he said. "Without preparation such as making strong analog variations, error risk increases dramatically."

Forced To Adapt

Downtime playbooks do not help mitigate long-term outages stemming from ransomware; only those that last a week or so, warned Izzo, so being flexible and thinking outside the box is key. "Gray areas" or unpredictable failures that aren’t discussed but happen frequently can complicate recovery. Systems may be back online, but they're lagging, missing data, or only providing intermittent access.

The "impossible question" becomes: "Do you trigger downtime or stay on that system?" Either way, there is risk.

Therefore, it is important to rehearse partial and gray-zone failures — not just total outages, Izzo recommended.

Hospitals must even be ready when ransomware hits surrounding healthcare organizations, which are forced to divert patient care. "Preparation determines if the situation escalates or stabilizes," he said.

Rehearse, and Then Rehearse Some More

Ransomware disruptions and risks extend across healthcare organizations. To protect the identity piece, human review and multiple checks are key.

For example, organizations can implement redundant verification workflows, two-person high-risk confirmation, and pre-validated paper Medication Administration Record processes, he recommends.

To address degraded care situations, hospitals and clinicians should run tabletop exercises that include frontline staff in planning and response. Izzo observed less burnout when they were involved in these conversations.

Since hospitals are increasingly using artificial intelligence (AI) alongside digital tools, they should also understand the broader risks shadow AI poses when they use unapproved tools that represent a whole other attack vector. While it is beneficial, it's important to "be careful" with AI, he warned.

But mapping where "identity, information, and execution depend on digital systems" in one place is step one. "Rehearse, and use believable or real cases," he urged.

About the Author

Arielle Waldman, Features Writer, Dark Reading

Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.