Article Read Time
Halfway through the second season of HBO’s The Pitt, the fictional Pittsburgh Trauma Medical Center loses its computers to a cyber attack. Not to a direct hit. A neighboring hospital is hit by ransomware, and Pittsburgh Trauma shuts down its network as a precaution. In minutes, the emergency room goes analog. Nurses dig for paper charts. Lab orders vanish in a shuffle of loose pages. A resident wrestles with a fax machine like it’s 1994. And somewhere in the chaos, a critical allergy gets missed.
I watched that episode and thought: finally, someone put it on screen the way it actually happens.
For years, Hollywood has treated cyber attacks as a backdrop for spy thrillers. Hackers in dark rooms. Green text scrolling on black screens. A countdown clock and a hero who cracks the code with 11 seconds to spare. That is not how it works. In a real hospital cyber attack, the danger is not dramatic. It is quiet. It is a nurse who cannot pull up a patient’s medication list. It is a doctor treating an unconscious person with no access to their history. It is a cancer patient who shows up for chemotherapy and gets told to go home.
What The Pitt Got Right
The show nailed three things that matter.
First, the cascade. Pittsburgh Trauma was not the hospital that got hit. It shut itself down to keep the ransomware from spreading. That is a real protocol. When the University of Mississippi Medical Center faced a ransomware threat a few years back, they disabled computers at hospitals that were not even infected. Containment means going dark before the fire reaches your building.
Second, the patient surge. When one hospital closes, the patients do not disappear. They show up at the next closest emergency room. Research has found that a hospital cyber attack cut the odds of surviving cardiac arrest without devastating brain damage by nearly 90% at nearby hospitals. Not the hospital that got attacked. The ones down the road that had to absorb the overflow.
Third, the operational reality. The scenes of staff fumbling with paper systems, missing critical information, and making avoidable errors were not exaggerated. That is what “downtime procedures” look like in a building designed around electronic records. When the system goes away, so does the safety net.
Where the Show Fell Short
The Pitt compressed the crisis into a single dramatic shift. Real hospital cyber attacks grind on for days and sometimes weeks. On April 6 of this year, Brockton Hospital in Massachusetts got hit. The Anubis ransomware group claimed responsibility. Ambulances were diverted to other facilities. Cancer patients had their chemotherapy canceled. Staff worked off paper for more than a week. The hospital did not resume normal ambulance service until April 15, nine days after the attack started.
The show also stayed inside the emergency room. It did not show what happens in billing, the pharmacy, the records department, or the county health office, all of which depend on data from that hospital. A cyber attack on a hospital is not one building’s problem. It is a community’s problem.
The Numbers Are Getting Worse
Comparitech, a cyber security research firm, recorded 445 ransomware attacks on hospitals and clinics in 2025. That was a new peak. A 2026 analysis of Medicare data found that hospitalized patients had a 38% higher risk of death during a ransomware attack. Over 250 healthcare organizations were hit in 2024, two and a half times the number from 2021.
These are not abstract statistics. They are canceled surgeries in towns that have one hospital. They are ambulances driving an extra 30 minutes because the closest ER is out of service. They are people who die not because of a disease, but because a computer system failed, and the backup plan was a stack of paper and good intentions.
What This Means for Your Community
If your county hospital, local clinic, or school district’s health office has not run a tabletop exercise for a cyberattack, now would be a prudent time to start. Not because of a television show. Because Brockton is not unique. It is ordinary. And ordinary is exactly the kind of target that ransomware groups prefer.
The fundamentals still apply. Offline backups. Staff who have practiced working without the network. A phone tree that does not depend on email. Multi-factor authentication, which means a second step beyond a password, on every account that touches patient data.
The Pitt gave us 47 minutes of what the first few hours look like. The part they did not film is the part that matters most: the weeks of recovery, the patients who went somewhere else and never came back, and the quiet question every small-town administrator should be asking right now.
Could we keep people safe if the screens went dark tomorrow?
Talk to Commonwealth Sentinel about proactive detection, visibility, and resilience, before ransomware announces itself. To learn more about how we can help protect your organization, call Commonwealth Sentinel today. Contact us at (502) 234-5554
At Commonwealth Sentinel, we stay focused on cyber security so you can focus on other things!