Skip to content
Tech News
← Back to articles

Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense

2026-04-01 | original
read original get Cybersecurity for Healthcare Kit → more articles
Why This Matters

This article highlights the critical importance of preparedness and incident response training for healthcare organizations facing ransomware attacks. As hospitals increasingly rely on digital systems, a swift and well-practiced response can significantly mitigate patient risks and data loss, emphasizing the need for robust cybersecurity measures in the healthcare sector.

Key Takeaways

RSAC 2026 CONFERENCE — San Francisco —Joseph Izzo, chief medical information officer for San Joaquin General Hospital, received ransomware training during a downtime period. He practiced responding and maintaining patient care when the facility is forced to operate offline. But when the hospital he was working at was actually hit with ransomware, he realized very quickly how "different it was under pressure."

Izzo shared his story at RSAC 2026 Conference and provided key incident response (IR) recommendations for healthcare organizations, a sector frequently targeted by ransomware gangs due to highly sensitive information. Ransomware doesn't always cripple hospitals, but partial attacks happen frequently, Izzo explained. A rapid response is necessary either way when serving a vulnerable population.

Recommendations ranged from identity protection to being prepared to operate with pen and paper in a digital world. Preparation is what really "makes the difference" when healthcare facilities are trying to get past a ransomware incident, Izzo emphasized.

Related:How Organizations Can Use Mistakes to Level Up Their Security Programs

Hospitals rely heavily on digital tools—for many healthcare professionals and Izzo, that's all they know. Patients wear barcoded wristbands for identity verification. Electronic Medical Records (EMR) list patients' allergies, medical history, potential drug interactions, and other pertinent records. During a ransomware incident, all these systems shut down. When systems break down, data becomes fragmented.

Healthcare staff may ask patients about their medical history, but it's "not a fair ask," and self-reporting can be unreliable, Izzo said. The fact that communications between other doctors, pharmacies, or hospitals may be compromised or insecure only adds to the challenges. Even fax machines could be offline. Medications prescribed and procedures performed during this time of incomplete information carry more risks for the patient, added Izzo. This could lead to potentially substandard care, he warned.

"Care relies on the entire picture, not just a snapshot in front of you," he said. "Without preparation such as making strong analog variations, error risk increases dramatically.

Forced To Adapt

Downtime playbooks do not help mitigate long-term outages stemming from ransomware; only those that last a week or so, warned Izzo, so being flexible and thinking outside the box is key. "Gray areas" or unpredictable failures that aren’t discussed but happen frequently can complicate recovery. Systems may be back online, but they're lagging, missing data, or only providing intermittent access. The "impossible question" becomes: "Do you trigger downtime or stay on that system?" Either way, there is risk.

Related:Software Development Practices Help Enterprises Tackle Real-Life Risks

... continue reading

Explore topics: ransomware hospitals san francisco emr
Related:
Your Art Can Go in This San Francisco Alley
Goodbye, Duolingo; I’ve found a much better language-learning app
InspectMind AI (YC W24) Is Hiring
CEO of America's Largest Public Hospital System Says He's Ready To Replace Radiologists With AI
Hasbro says it was hacked, and may take ‘several weeks’ to recover

© 2026 GoKawiil

About | Editorial Policy | Contact