Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Joseph Izzo, chief medical information officer for San Joaquin General Hospital, addressed the pressing issue of ransomware attacks on healthcare facilities during his presentation at the RSAC 2026 Conference in San Francisco. He underscored the importance of thorough preparation in fortifying defenses against such cyber threats and maintaining high standards of patient care even during operational disruptions.
The Reality of Attacks
Izzo noted the stark contrast between undergoing ransomware training and encountering an actual attack. Healthcare organizations are prime targets for ransomware gangs because of the sensitive data they manage, and while not all attacks result in extensive outages, subtler incidents that impair functionality are frequent and call for quick, effective responses.
Key Recommendations
Izzo offered several essential recommendations for healthcare entities:
- Identity Protection: Establish robust identity verification protocols using non-digital methods to ensure security in the event of system failures.
- Operating Offline: Train staff to perform essential tasks manually with pen and paper, thus safeguarding patient care during digital outages.
- Planning for Partial Failures: Organizations should practice response protocols not only for complete system breakdowns but also for scenarios involving partial failures that could hinder recovery efforts.
Preparing Staff for Crisis
During a cyber incident, healthcare professionals often face limited access to comprehensive patient data, relying instead on patient self-reports, which may result in gaps in care provision. Izzo emphasized the necessity of maintaining a holistic view of patient information to mitigate risks related to assumptions and incomplete data sets.
The Need for Flexibility
Izzo warned that existing downtime procedures may not adequately address the dynamics of prolonged outages. Organizations must stay adaptable and proactive when devising strategies to manage the unpredictable elements of ransomware events.
Training and Exercises
To bolster readiness, Izzo recommends that healthcare organizations engage in regular tabletop exercises that integrate frontline personnel into the response framework. This inclusive approach not only mitigates staff fatigue but also promotes teamwork in managing crises effectively.
Embracing AI with Caution
As hospitals increasingly leverage artificial intelligence (AI), a set of new risks arises, including the emergence of shadow AI, which can introduce vulnerabilities. While AI holds the potential to enhance operational efficiency, it is essential for organizations to clearly define dependencies and conduct rehearsals that account for these technologies to ensure continued security and patient care integrity.
Conclusion
The effectiveness of a healthcare organization in recovering from a ransomware attack hinges on its level of preparation and rehearsal. Engaging all stakeholders is crucial for navigating the intricate challenges of maintaining patient care amid crisis situations.