Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
Summary
At RSAC 2026 Joseph Izzo, chief medical information officer for San Joaquin General Hospital, outlined how ransomware inevitably hits healthcare organisations and why rehearsal and preparation determine whether patient care stabilises or spirals. Izzo shared that real incidents feel very different from drills: partial outages and “grey‑zone” failures are common, not just total system collapse. He recommends mapping where identity, information and execution depend on digital systems, building strong analogue fallbacks (pen and paper, prevalidated paper medication records, two‑person checks), and rehearsing believable scenarios — including degraded, intermittent failures.
The article stresses that downtime playbooks alone don’t solve long outages; flexibility and the involvement of frontline staff in tabletop exercises reduce burnout and produce better, faster responses. Izzo also warns about shadow AI and other unapproved tools expanding the attack surface, so hospitals should include those risks in planning.
Key Points
- Ransomware against hospitals is inevitable; rehearsals materially improve outcomes.
- Partial and “grey‑zone” failures are common — practise these, not just total outages.
- Map critical dependencies for identity, information and execution so analogue fallbacks can be prepared.
- Build redundant safeguards that do not depend on the network: two‑person patient‑identity confirmation, and prevalidated paper Medication Administration Records (MARs) so medication can still be given safely when the electronic record is unavailable.
- Run tabletop exercises that include frontline staff to test responses and reduce burnout.
- Downtime playbooks aren’t enough for prolonged outages — be ready to adapt and think outside playbook steps.
- Account for shadow AI and unapproved tools as additional attack vectors in rehearsal planning.
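The mapping step, the fallback step and the grey‑zone rehearsal step above fit together as one small impact model. The following is an added example, not code from Izzo's talk or the hospital: it takes a constructed dependency map (which digital systems each clinical workflow needs, grouped by the talk's identity / information / execution classes), evaluates a scenario in which some systems are fully down and others are intermittently failing, and reports which workflows are impaired with no analogue fallback prepared. Every system, workflow and fallback name is a hypothetical placeholder.

```python
from collections import deque

# Added example (not from the talk): outage-impact model over a dependency map.
# Digital system -> the systems it needs to function. Hypothetical.
SYSTEMS = {
    "ad": set(),                 # identity provider (staff login)
    "db": set(),                 # clinical database behind the EHR
    "ehr": {"ad", "db"},         # electronic health record
    "pharmacy": {"ehr", "ad"},   # pharmacy / medication administration
    "lab": {"ehr"},              # lab results viewer
    "badge": {"ad"},             # door badge readers
}

# Clinical workflows, tagged with the talk's three dependency classes and the
# analogue fallback (if any) that has been prepared. Hypothetical.
WORKFLOWS = {
    "confirm patient identity": {"class": "identity", "needs": {"ehr"},
                                 "fallback": "two-person wristband check"},
    "administer medication": {"class": "execution", "needs": {"pharmacy", "ehr"},
                              "fallback": "prevalidated paper MAR"},
    "review lab results": {"class": "information", "needs": {"lab"},
                           "fallback": None},
    "badge into unit": {"class": "execution", "needs": {"badge"},
                        "fallback": "security officer at the door"},
}

RANK = {"up": 0, "degraded": 1, "down": 2}


def closure(system, deps=SYSTEMS):
    """Return the system plus everything it transitively depends on."""
    seen, queue = {system}, deque([system])
    while queue:
        for dep in deps[queue.popleft()]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def system_state(system, scenario, deps=SYSTEMS):
    """Worst state across the system's dependency closure.
    scenario = {"down": {...}, "degraded": {...}}; "degraded" models the
    intermittent, partly-working failures the talk calls grey-zone."""
    states = ["up"]
    for s in closure(system, deps):
        if s in scenario.get("down", set()):
            states.append("down")
        elif s in scenario.get("degraded", set()):
            states.append("degraded")
    return max(states, key=RANK.__getitem__)


def assess(scenario, workflows=WORKFLOWS, deps=SYSTEMS):
    """Map each workflow to its state under the scenario and flag gaps:
    workflows that are impaired but have no analogue fallback prepared."""
    report = {}
    for name, wf in workflows.items():
        state = max((system_state(s, scenario, deps) for s in wf["needs"]),
                    key=RANK.__getitem__)
        report[name] = {
            "class": wf["class"],
            "state": state,
            "fallback": wf["fallback"],
            "gap": state != "up" and wf["fallback"] is None,
        }
    return report


def gaps(scenario, workflows=WORKFLOWS, deps=SYSTEMS):
    """Sorted names of workflows for which this scenario exposes a missing fallback."""
    return sorted(n for n, r in assess(scenario, workflows, deps).items() if r["gap"])


if __name__ == "__main__":
    # Three rehearsal scenarios: one total outage and two grey-zone failures.
    drills = {
        "total: identity provider down": {"down": {"ad"}},
        "grey-zone: database intermittent": {"degraded": {"db"}},
        "grey-zone: lab viewer flapping": {"degraded": {"lab"}},
    }
    for title, scenario in drills.items():
        print(title)
        for name, r in assess(scenario).items():
            print(f"  {r['state']:9} {r['class']:12} {name}"
                  + ("  <- NO FALLBACK" if r["gap"] else ""))
```

The point of running several scenarios rather than one is the talk's own: a total identity‑provider outage takes every workflow down at once, whereas an intermittent database leaves badge access working while charting, medication and lab review all limp along, and only the lab‑results workflow, which has no paper fallback in this constructed map, shows up as a gap in every drill.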
Context and Relevance
Healthcare continues to be a prime target for ransomware because of sensitive data and the pressure to restore services quickly. This piece is timely: regulators, insurers and suppliers are increasingly focused on operational resilience, and hospitals are rapidly adopting AI and other digital tools that expand both capability and risk. The recommendations are practical, low‑tech where necessary, and align with wider industry moves towards resilience testing and incident response readiness.
Why should I read this?
Because it’s short, sharp and written by someone who sat in the hot seat. If you work in healthcare IT, clinical operations, or support hospitals, this article tells you what to rehearse and why — nothing fluffy. Do the drills that mimic real messy failures, sort out identity checks now, and involve the people who actually deliver care. Read it and save yourself chaos later.
