Like most of the country, my family and I love the medical drama, The Pitt. As most fans of the show know, each season follows an intense 15-hour shift in the fictional Pittsburgh Trauma Medical Center. An entire season takes place across just one day, and each episode represents one action-packed hour. In Season 2, the hospital suffers a major cyberattack.
The show correctly highlights that healthcare organizations are increasingly targeted by ransomware and other cyber threats. In some cases, hospitals respond by shutting down IT systems entirely to prevent further compromise. While this approach may stop the spread of malware, it can also disrupt emergency care and critical hospital functions.
A more resilient approach focuses on maintaining clinical operations while isolating and addressing the cyber threat. Hospitals must be able to continue treating patients safely even during a cyber incident.
From a GDIT perspective, cyber resilience in any organization, including healthcare, means ensuring organizations can detect threats, contain the impact, sustain operations, and recover quickly—without compromising patient care.
Protect the Mission First
The primary objective during any cyber incident is maintaining patient care. Hospitals, like any other organization, must ensure continued access to essential information. In the show, this would include items like patient histories, medication data, lab results, and imaging.
Contain the Threat, Not the Organization
Rather than shutting down entire networks, resilient environments allow organizations to isolate affected systems while keeping trusted services operational. For the physicians on The Pitt, this would mean keeping essential clinical systems going while non-clinical ones shut down.
Operate in Continuity-of-Operations Mode
Organizations should be prepared to shift into a temporary operating mode where essential capabilities remain available while non-critical systems are paused. Many business systems are not as well protected and, if connected, can lead to clinical outage or loss. A hospital’s focus amid an attack should be on mission continuity: providing care.
Maintain Trusted Data Access
In the case of a cyberattack on a hospital, clinicians must still be able to access reliable patient information to make safe decisions. The Pitt underscores how challenging this can be when manual processing becomes the fallback. It results in patients being misdiagnosed or not assessed in a timely manner. Every agency or organization faces similarly disastrous compounding effects.
Plan for Rapid Recovery
Healthcare organizations must maintain the ability to restore systems quickly and safely once threats are contained. In The Pitt, no one in the ER is being told when the systems will become available, which doesn't allow for management of the crisis. Consider how your organization’s recovery should unfold and then put the proper planning in place to ensure that it can.
Integrate Cyber and Mission Leadership
Cyber incidents in hospitals are patient safety events. Effective response requires coordination between cybersecurity teams, hospital leadership, and clinical operations. The same is true of any mission-driven organization. It is imperative to ensure that disaster responses are integrated, coordinated, planned for and updated.
While no one’s invited me to become a guest writer on the show (I am waiting for that call!), a sample clinical system operation response framework could look like this:
- Detect: Identify suspicious activity through security monitoring and operational awareness.
- Assess: Determine potential impact to clinical services and patient safety.
- Contain: Isolate affected systems while preserving trusted clinical capabilities.
- Sustain Operations: Maintain essential medical services through continuity-of-care procedures.
- Investigate and Eradicate: Analyze the incident and remove malicious activity.
- Restore and Improve: Safely return to normal operations and strengthen resilience against future threats.
Of course, hospitals cannot eliminate all cyber threats. However, with the right approach they can ensure cyber incidents do not interrupt the delivery of care. A resilient healthcare environment enables organizations to maintain emergency and clinical operations during cyber events, protect patient safety and clinical decision-making, reduce operational disruption, and recover quickly from cyber incidents.
Cyber resilience in healthcare is not only a technical challenge; it is also an operational and mission assurance requirement. By aligning cybersecurity, clinical operations, and continuity planning, healthcare organizations can ensure that even during a cyber incident, hospitals remain focused on their most important mission: saving lives.






