TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources CYBERATTACKS & DATA BREACHES CYBERSECURITY OPERATIONS CYBER RISK THREAT INTELLIGENCE NEWS Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack. Nate Nelson,Contributing Writer February 27, 2026 5 Min Read SOURCE: ALBUM VIA ALAMY STOCK PHOTO This past week brought hospital ransomware attacks to the forefront of public media, for better and for worse, with a major incident in Mississippi and a fictional one on HBO. On Feb. 19, an epsiode of the popular drama series The Pitt featured a subplot about a cyberthreat against its fictional trauma center. Ransomware attacks struck nearby hospitals and, suspecting that his own might be next, the CEO of Pittsburgh Trauma Medical Center preemptively orders that all their IT systems be taken offline. Cybersecurity experts debate the realism of HBO's depiction, but there's no questioning its relevance and timeliness. As if to underscore the point, early in the morning that same day the episode aired, the University of Mississippi Medical Center (UMMC) suffered a ransomware attack that was all too real. Its IT systems were impacted, including its electronic medical records platform, Epic. Life imitated art, and UMMC went dark at all 35 clinics in its network to prevent further damage. Related:Nation-State Actor Embraces AI Malware Assembly Line Was HBO's Depiction of Healthcare Ransomware Realistic? The Pitt followed through on the ransomware plot in its latest episode — Season 2, Episode 8 — which aired Feb. 26. The staff at Pittsburgh Trauma carry on with their work, only they have to rely on paper and pens, fax machines, and one staff member's conveniently photographic memory. "This episode follows the patient care continuum from intake to discharge and shows every point where it breaks: dry-erase boards, triplicate paper orders, a pharmacist manually unlocking medication cabinets one at a time," says Mick Coady, field chief technology officer (CTO) of Elisity. "That's the picture every CISO I talk with is trying to paint for their board. Not ransom amounts. Not recovery timelines. What actually happens to patients." The single most authentic detail in the episode, in Coady's view, was utterly mundane: when staff are told to use ballpoint pens, because felt-tip ink doesn't press through triplicate carbon copies. "Someone in that writers room has been through a real downtime event. That's an operational detail you only know if you've actually run paper processes in a clinical environment," he says. For Ross Filipek, chief information security officer (CISO) at Corsica Technologies, "What rang true to me was the operational chaos once systems went dark. Healthcare really is that dependent on IT. When digital charting, tracking boards, and core systems disappear, efficiency drops fast, and risk creeps in. I've seen that in real incidents." Related:The Case for Why Better Breach Transparency Matters What HBO Got Wrong While experts agree that the general tone of Episode 8 was spot on, they all caveat that it wasn't without its small missteps and exaggerations. Most glaring for Coady, for example, were the patient monitors that kept running normally, and the uninterrupted stream of patients who might have otherwise been diverted to other facilities in a real-life scenario. In Filipek's view, the CEO's crucial, preemptive decision to shut down all IT systems was implausible. "In a real hospital, executives would be heavily weighing patient safety and operational continuity alongside cyber-risk. That decision wouldn't happen without heavy input from IT and security leadership, and it certainly wouldn't be made lightly," he says. "While I understand the show is predominantly about the clinician experience, the episode glossed over what would be happening behind the scenes. In reality, it would be all hands on deck. Technical investigation, targeted mitigations, maybe third-party support. You don't just pull the plug and hope 24 hours fixes it." Coady, too, worries that the show might necessarily overlook certain aspects of real hospitals' experiences, due to dramatic constraints. "Some systems take months to fully restore," he says. "If the show makes that look like one bad shift, it undersells what six weeks on paper actually does to a hospital's staff, its patients, and its finances." Related:Chinese Police Use ChatGPT to Smear Japan PM Takaichi How Hospitals Should Address Ransomware The latest episode ended with everything still in analog. In parallel this week, on Feb. 25, UMMC announced that although it was making "significant progress in responding to the cyberattack and restoring our systems," it's still struggling to return to normal operation. Regularly scheduled clinic appointments and elective procedures have been cancelled at least through Feb. 27, its telephone line is being overwhelmed, and individuals in need of care have been expressing their confusion online. "The most concerning trend [in healthcare] isn't just the volume of attacks, but how disruptive they have become," says Ryan Witt, Proofpoint's vice president of industry solutions, citing how 70% of victimized healthcare facilities report disruptions to patient care. "Ransomware can become a full operational shutdown. It results in deferred care, delayed diagnoses, and real clinical consequences for patients and their families." Witt, who authored Proofpoint's 2025 "Cyber Insecurity in Healthcare" report, suggests that healthcare facilities need to focus in three main areas. First: securing credentials, the primary means by which attackers gain access to healthcare IT systems in the first place. "Second, hospitals are encouraged to plan for clinical resilience. While it's important to restore IT systems quickly, it's equally important to ensure patient care remains as safe as possible while systems are down. That means practical downtime plans that address medication management, lab communications, triage, and patient prioritization," he says. Lastly, he advises, "Resilience needs to be tested, not assumed. Tabletop exercises and downtime drills should simulate real clinical stress. Leadership teams should practice making difficult real-time decisions about diversion, communications, and patient prioritization before they have to do it in a real crisis." On a positive note, Witt says more hospital executives now understand cyber-risk is a patient safety issue. "Boards are starting to ask how an incident could affect patient care, not only how fast can systems can be restored," he says. "That shift in mindset is important and, frankly, long overdue." About the Author Nate Nelson Contributing Writer Nate Nelson is a journalist and scriptwriter. He writes for "Darknet Diaries" — the most popular podcast in cybersecurity — and co-created the former Top 20 tech podcast "Malicious Life." Before joining Dark Reading, he was a reporter at Threatpost. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBERATTACKS & DATA BREACHES Cyberattackers Target LastPass, Top Password Managers by Nate Nelson, Contributing Writer OCT 16, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBERATTACKS & DATA BREACHES Cybersecurity Gaps Leave Doors Wide Open by Jai Vijayan, Contributing Writer MAR 26, 2025 CYBERATTACKS & DATA BREACHES Critical Fortinet Vuln Draws Fresh Attention by Jai Vijayan, Contributing Writer MAR 19, 2025 Editor's Choice THREAT INTELLIGENCE As War Continues, Pro-Iranian Actors Launch Barrage of Cyberattacks byElizabeth Montalbano MAR 3, 2026 6 MIN READ ICS/OT SECURITY Vehicle Tire Pressure Sensors Enable Silent Tracking byJai Vijayan MAR 3, 2026 3 MIN READ СLOUD SECURITY AI Agent Overload: How to Solve the Workload Identity Crisis byAlexander Culafi MAR 3, 2026 4 MIN READ 2026 Security Trends & Outlooks THREAT INTELLIGENCE Cybersecurity Predictions for 2026: Navigating the Future of Digital Threats JAN 2, 2026 CYBER RISK Navigating Privacy and Cybersecurity Laws in 2026 Will Prove Difficult JAN 12, 2026 ENDPOINT SECURITY CISOs Face a Tighter Insurance Market in 2026 JAN 5, 2026 THREAT INTELLIGENCE 2026: The Year Agentic AI Becomes the Attack-Surface Poster Child JAN 30, 2026 Download the Collection Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE Webinars Building a Robust SOC in a Post-AI World THURS, MARCH 19, 2026 AT 1PM EST Retail Security: Protecting Customer Data and Payment Systems THURS, APRIL 2, 2026 AT 1PM EST Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need WED, APRIL 1, 2026 AT 1PM EST Securing Remote and Hybrid Work Forecast: Beyond the VPN TUES, MARCH 10, 2026 AT 1PM EST AI-Powered Threat Detection: Beyond Traditional Security Models WED, MARCH 25, 2026 AT 1PM EST More Webinars White Papers Industry Report: AI, SOC, and Modernizing Cybersecurity The Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks. Assessing Security Architectu