TechTarget and Informa Tech’s Digital Business Combine. TechTarget and Informa TechTarget and Informa Tech’s Digital Business Combine. Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise Newsletter Sign-Up Newsletter Sign-Up Cybersecurity Topics Related Topics Application Security Cybersecurity Careers Cloud Security Cyber Risk Cyberattacks & Data Breaches Cybersecurity Analytics Cybersecurity Operations Data Privacy Endpoint Security ICS/OT Security Identity & Access Mgmt Security Insider Threats IoT Mobile Security Perimeter Physical Security Remote Workforce Threat Intelligence Vulnerabilities & Threats Recent in Cybersecurity Topics Sponsored Content AI Is Redefining Software Supply Chain Security AI Is Redefining Software Supply Chain Security by Terry Sweeney Apr 1, 2026 Sponsored Content AI Bots Are Breaking Traditional Bot Detection Models AI Bots Are Breaking Traditional Bot Detection Models by Terry Sweeney Apr 1, 2026 World Related Topics DR Global Middle East & Africa Asia Pacific Latin America Recent in World See All Application Security Real-Time Banking Trojan Strikes Brazil's Pix Users Real-Time Banking Trojan Strikes Brazil's Pix Users by Alexander Culafi Mar 13, 2026 4 Min Read Threat Intelligence Iran's Cyber-Kinetic War Doctrine Takes Shape Iran's Cyber-Kinetic War Doctrine Takes Shape by Alexander Culafi Mar 6, 2026 4 Min Read The Edge DR Technology Events Related Topics Upcoming Events Podcasts Webinars SEE ALL Resources Related Topics Resource Library Newsletters Podcasts Reports Videos Webinars White Papers Partner Perspectives Dark Reading Resource Library Cybersecurity Operations Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense A chief medical information officer provided a peek into what hospitals face when they inevitably suffer a ransomware attack—whether it leads to short or long-term outages. Arielle Waldman , Features Writer , Dark Reading April 1, 2026 3 Min Read Source: Oleckii Mach via Alamy Stock Photo RSAC 2026 CONFERENCE — San Francisco — Joseph Izzo, chief medical information officer for San Joaquin General Hospital, received ransomware training during a downtime period. He practiced responding and maintaining patient care when the facility is forced to operate offline. But when the hospital he was working at was actually hit with ransomware, he realized very quickly how "different it was under pressure." Izzo shared his story at RSAC 2026 Conference and provided key incident response (IR) recommendations for healthcare organizations, a sector frequently targeted by ransomware gangs due to highly sensitive information. Ransomware doesn't always cripple hospitals , but partial attacks happen frequently, Izzo explained. A rapid response is necessary either way when serving a vulnerable population. Recommendations ranged from identity protection to being prepared to operate with pen and paper in a digital world. Preparation is what really "makes the difference" when healthcare facilities are trying to get past a ransomware incident, Izzo emphasized. Related: How Organizations Can Use Mistakes to Level Up Their Security Programs Prep When Digital Tools Fail Hospitals rely heavily on digital tools—for many healthcare professionals and Izzo, that's all they know. Patients wear barcoded wristbands for identity verification. Electronic Medical Records (EMR) list patients' allergies, medical history, potential drug interactions, and other pertinent records. During a ransomware incident, all these systems shut down. When systems break down, data becomes fragmented. Healthcare staff may ask patients about their medical history, but it's "not a fair ask," and self-reporting can be unreliable, Izzo said. The fact that communications between other doctors, pharmacies, or hospitals may be compromised or insecure only adds to the challenges. Even fax machines could be offline. Medications prescribed and procedures performed during this time of incomplete information carry more risks for the patient, added Izzo. This could lead to potentially substandard care, he warned. "Care relies on the entire picture, not just a snapshot in front of you," he said. "Without preparation such as making strong analog variations, error risk increases dramatically. Forced To Adapt Downtime playbooks do not help mitigate long-term outages stemming from ransomware; only those that last a week or so, warned Izzo, so being flexible and thinking outside the box is key. "Gray areas" or unpredictable failures that aren’t discussed but happen frequently can complicate recovery. Systems may be back online, but they're lagging, missing data, or only providing intermittent access. The "impossible question" becomes: "Do you trigger downtime or stay on that system?" Either way, there is risk. Related: Software Development Practices Help Enterprises Tackle Real-Life Risks Therefore, it is important to rehearse partial and gray-zone failures — not just total outages, Izzo recommended. Hospitals must even be ready when ransomware hits surrounding healthcare organizations, which are forced to divert patient care. "Preparation determines if the situation escalates or stabilizes," he said. Rehearse, and Then Rehearse Some More Ransomware disruptions and risks extend across healthcare organizations. To protect the identity piece, human review and multiple checks are key. For example, organizations can implement redundant verification workflows, two-person high-risk confirmation, and pre-validated paper Medication Administration Record processes, he recommends. To address degraded care situations, hospitals and clinicians should run tabletop exercises that include frontline staff in planning and response. Izzo observed less burnout when they were involved in these conversations. Since hospitals are increasingly using artificial intelligence (AI) alongside digital tools, they should also understand the broader risks shadow AI poses when they use unapproved tools that represent a whole other attack vector. While it is beneficial, it's important to "be careful" with AI, he warned. Related: How to Stay on Top of Future Threats With a Cutting-Edge SOC But mapping where "identity, information, and execution depend on digital systems" in one place is step one. "Rehearse, and use believable or real cases," he urged. About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection. See more from Arielle Waldman Want more Dark Reading stories in your Google search results? Add Us Now More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars Edge Picks Application Security AI Agents in Browsers Light on Cybersecurity, Bypass Controls AI Agents in Browsers Light on Cybersecurity, Bypass Controls Cyber Risk Browser Extensions Pose Heightened, but Manageable, Security Risks Browser Extensions Pose Heightened, but Manageable, Security Risks Latest Articles in The Edge Cybersecurity Analytics Are We Training AI Too Late? Apr 1, 2026 | 4 Min Read Vulnerabilities & Threats Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles Mar 26, 2026 | 4 Min Read Cybersecurity Operations How Organizations Can Use Mistakes to Level Up Their Security Programs Mar 26, 2026 | 5 Min Read Cyber Risk Why a 'Near-Miss' Database Is Key to Improving Information Sharing Mar 25, 2026 | 4 Min Read Read More The Edge Want more Dark Reading stories in your Google search results? Black Hat Asia | Marina Bay Sands, Singapore Experience cutting-edge cybersecurity insights in this four-day event featuring expert Briefings on the latest research, Arsenal tool demos, a vibrant Business Hall, networking opportunities, and more. Use code DARKREADING for a Free Business Pass or $200 off a Briefings Pass. GET YOUR PASS Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us Newsletter Sign-Up Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466. Home | Cookie Policy | Privacy | Terms of Use Your Privacy Choices