|
If you caught the February 26, 2026 episode of HBO's "The Pitt," you saw something that felt almost too real to be TV drama. In Season 2, Episode 8 ("2:00 P.M."), the Pittsburgh Trauma Medical Center gets word that nearby hospitals have been hit by a ransomware attack. The call is made fast: shut everything down before it reaches them.
And just like that, one of the busiest emergency rooms on television goes completely dark.
The digital patient board goes blank. Electronic charts vanish. Doctors who haven't touched a paper form in years are suddenly digging through clipboards and file folders. A newer nurse freezes at the sound of a fax machine. Dr. Joy steps up with a photographic memory, reciting every patient name, condition, and status from scratch because that's the only record they have left. Staff are writing everything down in triplicate, hunting for ballpoint pens, and figuring out how to coordinate care the old-fashioned way. Every task that used to take seconds now takes minutes. And patients keep walking through the door.
It makes for gripping television. It's also a pretty accurate picture of what real hospitals have lived through.
This Has Already Happened. More Than Once.
The situations The Pitt portrays aren't invented for dramatic effect. Hospitals across the country have faced exactly this, and the real stories are just as striking.
Ascension Health, May 2024. One of the largest nonprofit hospital systems in the country, with 142 hospitals across 11 states, got hit by a ransomware attack. Staff were locked out of electronic health records for nearly four weeks. Nurses and doctors went back to paper charts. Some hospitals had to divert ambulances because coordinating incoming patients without digital systems was too risky. The attack contributed to more than a billion dollars in losses for that year alone, and the personal health information of nearly 5.6 million patients was compromised.
Change Healthcare, February 2024. This one wasn't a single hospital. Change Healthcare is a technology company that handles billing, claims, and prescription management for a massive portion of the U.S. healthcare system. When attackers locked up their systems, the ripple effect reached virtually every hospital in the country. Providers couldn't verify insurance, couldn't process prescriptions, and couldn't get paid. The disruption went on for weeks. More than 190 million Americans had their health information exposed, which makes it the largest healthcare data breach ever recorded. The company paid a $22 million ransom, and total losses are expected to surpass $2.9 billion.
McLaren Health Care, August 2024. This Michigan-based health system had attackers quietly inside their network for more than two weeks before anyone knew. Hospitals began diverting ambulances and rescheduling non-emergency procedures while staff worked through the outage manually. The breach ultimately affected over 743,000 patients. What stands out here is that McLaren had already been through a ransomware attack the year before. The same organization, hit twice in less than 12 months, is a reminder that recovering from one attack doesn't mean the work is done.
Frederick Health Medical Group, January 2025. A Maryland-based healthcare group was hit on January 27, 2025. Their systems went offline, ambulances were diverted, and the hospital was temporarily placed under a "mini disaster" designation by state emergency services. The breach ultimately affected nearly 934,000 patients. It's a sharp example of how fast things move when an organization isn't fully prepared.
These aren't rare or isolated events. Healthcare saw more ransomware attacks than any other industry in 2024, and the pace hasn't slowed. In just the first nine months of 2025, nearly 300 attacks were confirmed against hospitals, clinics, and direct care providers.
Why Do Attackers Keep Going After Hospitals?
It comes down to pressure. When a retailer gets hit by ransomware, they lose sales while they work to recover. When a hospital gets hit, patients can't get medications, test results go missing, and care slows down or stops. That's a different kind of pressure altogether, and it makes hospitals much more likely to move quickly to get their systems back.
On top of that, hospitals run on enormous, interconnected networks, often with older equipment mixed in alongside newer technology. A single employee clicking the wrong link in an email can give attackers a foothold that spreads across the entire organization before anyone realizes what's happening.
What Does Good Preparation Actually Look Like?
The good news is that this is very solvable. The Pitt showed us what it looks like to improvise your way through an unexpected shutdown. What it also showed, whether it meant to or not, is what it looks like when a team has at least some muscle memory for working without technology. The older doctors adapted faster because they had done it before. That kind of readiness is something every hospital can build.
Here's where to focus.
Write a business continuity plan and practice it. Going analog shouldn't be a surprise the first time your team tries it. A solid plan documents exactly how the hospital operates without digital systems, who does what, and how information moves. Running through it regularly means your staff knows what to do before they ever need to do it. It turns an unexpected situation into a manageable one.
Understand your network and keep systems separated. A lot of attacks have spread so far so fast because everything in the hospital is connected to everything else. When systems are separated thoughtfully, a problem in one area stays in that area. The reason the Pitt's leadership shut down the whole hospital rather than isolating the issue is that they couldn't be confident the problem wasn't already everywhere. Good network design gives you more options and more control.
Back things up and store those backups somewhere safe. Ransomware works by locking up your data and leaving you dependent on the attacker to get it back. Clean, recent backups stored somewhere separate from your main systems change that equation completely. Make sure those backups are tested regularly so you know they'll work when you need them.
Keep your team trained, consistently. Most ransomware attacks start with one email. Someone clicks a link that looked legitimate, enters their password on a convincing but fake page, or opens an attachment that wasn't what it seemed. Your people are genuinely your best protection here when they know what to look for. Ongoing awareness training, not a single annual session, is what keeps those instincts sharp.
Pay attention to the companies you work with. The Change Healthcare attack is the most vivid illustration of this. A hospital can do everything right internally and still be heavily impacted because a vendor they depend on gets hit. It's worth knowing which outside companies have access to your systems or patient data and making sure they're taking security seriously too.
Have a response plan ready before anything goes wrong. When something happens, the middle of it is a tough time to figure out who calls who, who talks to the public, and what systems get shut down in what order. Having clear answers to those questions in advance means your team can move quickly and confidently instead of getting slowed down by uncertainty.
The Bottom Line
The Pitt resonated because the scenario felt so plausible. It is plausible. It happens regularly, to hospitals of all sizes, in cities and small towns alike.
But preparation genuinely works. The organizations that get through these situations with the least disruption are the ones that treated cybersecurity as a real operational priority and built real plans around it. Every step you take toward preparation is a step toward staying in control when it matters most.
The fax machine moment on The Pitt was great TV. Let it also be a nudge. The best time to build your plan is before you ever need it.
|