How Hospitals Prepare for Cyberattacks and Downtime
In today’s healthcare landscape, where patient safety intersects with advanced technology, the stakes have never been higher. Hospitals and healthcare delivery organizations (HDOs) face escalating risks from both natural disasters and cyberattacks, which can lead to prolonged downtime, jeopardizing patient care and operational efficiency. To address these pressing concerns, leaders in healthcare cybersecurity and IT convened to share strategies for preparedness, response, and recovery. This article synthesizes their insights, offering actionable steps for healthcare professionals to safeguard their systems and ensure uninterrupted care.
The Rising Threat Landscape
Cybersecurity challenges are a growing epidemic in the healthcare sector. Hospitals are not just grappling with natural disasters like wildfires or hurricanes but are also prime targets for ransomware and other cyberattacks. As one expert pointed out, "Healthcare is now the number one target for cyberattacks globally." The potential impacts are staggering: prolonged EHR outages, delayed surgeries, diverted ambulances, and financial losses running into millions of dollars.
But the challenges go beyond financial damage. Downtime in healthcare is a patient safety emergency. It can disrupt critical medical services, delay diagnoses, and compromise care, making robust preparedness and resilience strategies imperative.
A Framework for Resilience: Preparedness, Response, and Recovery
1. Preparedness and Planning: A Proactive Approach
Preparedness begins with a robust Emergency Operations Plan (EOP), tailored to the unique needs of each organization. A "binder on the shelf" approach won’t suffice; instead, organizations must create dynamic, living plans that engage stakeholders across clinical, IT, and leadership teams. Key elements include:
- Risk Assessments: Conduct hazard vulnerability analyses (HVAs) for natural and man-made threats, such as cyberattacks and utility failures.
- Emergency Drills: Regularly test and update response protocols through tabletop exercises and live simulations.
- Interdepartmental Coordination: Ensure clinical, IT, and operational teams collaborate to align goals and expectations.
As one expert emphasized, "Emergency management isn’t just a back-office function - it’s central to safe patient care."
2. Mitigating Downtime: Preparation is Prevention
Disruptions, whether caused by hurricanes or ransomware, often share similar operational impacts. This recognition allows healthcare organizations to implement strategies that limit downtime and maintain continuity of care. Key tactics include:
Redundant Systems and Backups
- Redundant Data Centers: Maintain duplicate systems in separate locations to ensure a smooth transition during outages.
- Cloud Backups: Cloud-based storage solutions must be regularly tested to ensure restorations work as intended.
- Colocation Strategies: Host critical systems both on-site and in the cloud to enable real-time failover in emergencies.
Technical Safeguards
- Patching and Updates: Ensure all systems are updated to address vulnerabilities.
- Endpoint Detection and Response (EDR): Modern EDR systems use AI to detect anomalies, such as unauthorized data transfers, in real time.
- Zero Trust Security: Continuously verify all users, devices, and applications before granting access to sensitive systems.
3. Incident Response: Managing the Crisis
When disaster strikes, a swift and coordinated response can make all the difference. Healthcare organizations must focus on:
- Incident Command Systems (ICS): Activate command centers to centralize decision-making and communication.
- Communication Management: Use analog tools, such as walkie-talkies and paper charts, to ensure clear communication when digital systems fail.
- Rapid Recovery Protocols: Implement and test business continuity plans (BCP) and disaster recovery plans (DRP) to minimize downtime.
A critical aspect of response is communication management, which experts identified as the most vital factor during outages. Regular updates and transparency can reduce panic and instill confidence among staff.
4. Recovery and Continuous Improvement
The aftermath of an incident is an opportunity to enhance resilience. Conduct After-Action Reviews (AARs) to identify what worked, what didn’t, and where improvements are needed. Additionally:
- Train, Train, Train: Ensure staff are familiar with downtime workflows, from using paper charts to manual communication methods.
- Vendor Oversight: Regularly audit third-party vendors to ensure they meet cybersecurity requirements. Vendors are often entry points for cyberattacks, with over 60% of breaches involving third-party systems.
Key Cybersecurity Controls for Healthcare Organizations
Experts underscored four essential cybersecurity controls that can significantly reduce risks:
- Multi-Factor Authentication (MFA): Ensure all systems require MFA to prevent unauthorized access, even if credentials are compromised.
- Endpoint Detection and Response (EDR): Deploy advanced tools to monitor and respond to suspicious activity.
- Zero Trust Framework: Adopt a "never trust, always verify" approach to access management.
- 24/7 Security Operations Center (SOC): Leverage internal or outsourced SOCs to monitor and respond to threats around the clock.
These controls are not just best practices - they are often prerequisites for obtaining cyber insurance policies.
Communication During Outages: Analog Tools Matter
Digital communication systems often fail first during emergencies. To ensure continuity, healthcare organizations should:
- Stock and train staff on walkie-talkies, landline phones, and whiteboards.
- Establish clear runner systems for delivering messages across departments.
- Conduct quarterly drills to ensure teams are prepared for scenarios without email or voice-over-IP systems.
As one presenter noted, "The tree that works on paper but fails at 2 AM is worthless." Testing ensures that tools and workflows are effective when they are needed most.
Insurance: A Critical Safety Net
Cyber insurance has become a cornerstone of risk management in healthcare. However, policies vary widely, and not all provide adequate coverage for extended downtime or restoration efforts. When evaluating policies, healthcare leaders should ensure they cover:
- Extended downtime costs: Including lost revenue and operational expenses.
- Data restoration: Comprehensive coverage for recovering compromised data.
- Regulatory costs: Including fines and compliance-related expenses.
Additionally, insurers increasingly require organizations to implement robust cybersecurity measures, such as MFA and EDR, as a condition for coverage.
Key Takeaways
- Downtime is a patient safety emergency, not just an IT issue. Treat it with the urgency it deserves.
- Redundant systems and backups are essential to limiting downtime and ensuring continuity of care.
- Train staff regularly on manual workflows, paper charting, and analog communication tools.
- Vendor oversight is non-negotiable: Audit third-party vendors to mitigate risks from supply chain vulnerabilities.
- Implement multi-factor authentication (MFA) and zero trust frameworks to secure access to systems.
- Conduct tabletop exercises and live drills to test and refine emergency plans.
- Review and optimize your cyber insurance policy to ensure it covers extended downtime and restoration costs.
- Communication is key: Prepare for scenarios where digital systems fail, using tools like walkie-talkies and runners.
- Post-incident, conduct after-action reviews to enhance future preparedness and resilience.
Final Thoughts
In the face of growing cybersecurity threats and frequent natural disasters, healthcare organizations must adopt a proactive, enterprise-wide approach to emergency management. By implementing the strategies outlined above, hospitals can mitigate risks, safeguard patient care, and bounce back faster from disruptions. As one expert put it, "The hospitals that recover the fastest do all these things without exception." Prepare, test, and adapt - because in this complex landscape, resilience is the ultimate goal.
Source: "Health Care Emergency Management and Cybersecurity" - Hospital Association of Southern California - HASC, YouTube, Dec 9, 2025 - https://www.youtube.com/watch?v=hIqF3l_zQV0
