Security Point Break: Cybersecurity News and Analysis with Clarity and Candor

Is ‘The Pitt’ Ransomware Attack Realistic? One CISO Says Yes

What happens when medicine gets kicked back to the Middle Ages thanks to modern AI attacks.

“Internal disaster. Westbridge has been identified as a target,” Dr. Trent Norris barked at his emergency room staff in a voice usually reserved for multi-car pileups.

As a neighboring hospital falls to a ransomware attack, the fallout at Good Dominion is immediate. It starts with a sudden influx of diverted ambulances and desperate walk-in patients. But 10 minutes later, the real crisis begins. Dr. Norris reveals that Good Dominion’s own network is under siege.

Despite blocking thousands of intrusions, the IT department decides the only safe move is to “go dark”—i.e., pre-emptively cut their own lifelines in digital seppuku.

Scene from season two of HBO Max’s The Pitt – Image courtesy Warner Bros. Discovery

“We’re going to pre-emptively shut down all the digital lights,” Norris announces. “No electronic health records, lab and radiology imaging, or automated pharmacy dispensing. This is now a paper hospital.”

In an instant, the high-tech machinery of modern medicine is silenced. Nurses who have never seen a paper chart scramble for pens, and the staff rushes to photograph whiteboards before the screens go dark. Doctors are forced to rely on physical exams and memory because patients’ histories are trapped behind an encryption wall. The craziness that follows isn’t just an inconvenience; it’s a systematic failure of the primary care mission.

How Realistic Is This Frenzy?

Any emergency room drama is full of disasters, but how accurate is HBO Max’s The Pitt in its depiction of a cyber disaster? To find out, I chatted with Todd Thorsen, the CISO of the backup and disaster recovery firm CrashPlan. Thorsen, a former senior cybersecurity executive for Target, knows about the chaos that erupts after a major attack. He worked at Target during and after its massive 2013 phishing attack.

According to Thorsen, the show is highly realistic in showing the raw operational impact of losing digital tools. However, it glosses over the agonizing bureaucratic realities that precede such measures. In reality, the choice to cut internet access is a monumental decision that impacts life and safety. “If you make the wrong call… and people die, the fallout and the lawsuits are insurmountable,” Thorsen explains.

A Matter of Data Integrity

To avoid catastrophic errors, real hospitals rely on a core incident response team that includes far more than just IT. Rapid consensus must be built among marketing, finance, legal, and clinical leadership. While this bureaucratic reality might be too boring for viewers, it’s where the most critical decisions are made.

In healthcare, the problem isn’t just system availability; it’s a matter of absolute data integrity. You don’t want a nurse trying to remember if a patient needs glucose or insulin because the digital records were corrupted. Recovering data after an attack isn’t enough if that data is incomplete. “If you’re reconstituting patient records, is it coming over in totality?” Thorsen asks. “If it doesn’t, you may be prescribing the wrong course of treatment.”

Attacks Aren’t an ‘If’ – They’re a ‘When.’

The threat landscape is worsening, largely due to advancements in artificial intelligence. “AI has democratized the ability to execute attacks,” Thorsen said, warning that threat actors can now use AI tools to identify vulnerabilities and generate malicious code with far less technical expertise than before. This relentless automation is shifting the mindset from if a breach will occur to when.

How to Survive: The Gold Standard 3-2-1-1-0 Strategy

While many are familiar with the basic “3-2-1” rule, modern ransomware—which specifically targets backups—requires an even more evolved approach. To ensure total data resilience, professionals now advocate for the 3-2-1-1-0 method:

  • 3 Copies of Data: Maintain your primary data and at least two backup copies.
  • 2 Different Media: Store your backups on different types of media, such as a local NAS and the cloud.
  • 1 Off-site Copy: At least one backup must be geographically separated from your primary location.
  • 1 Offline (Air-Gapped) or Immutable Copy: This is the critical defense. An “air-gapped” backup is disconnected from any network, meaning a virus cannot crawl to it. Alternatively, immutable cloud backups use technology like S3 Object Lock to make data “read-only” for a set period.
  • 0 Errors: A backup is only as good as its last successful restore test. Automated solutions should perform regular “integrity checks” to ensure data isn’t already encrypted before being backed up.
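
What the “0 Errors” step and Thorsen’s “totality” question look like as an automated restore test, in a Python sketch added here for illustration (it is not code from CrashPlan or any vendor named in this article). The file names, record contents and the 7.5 bits-per-byte entropy threshold are constructed assumptions.

```python
import hashlib, math, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # assumed threshold (bits/byte); compressed media also scores high

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; ciphertext sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def build_manifest(root):
    """Run at backup time: relative path -> SHA-256 of every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Run after a test restore: list missing, altered and ciphertext-like files."""
    report = {"missing": [], "altered": [], "high_entropy": []}
    for rel, digest in sorted(manifest.items()):
        p = Path(restored_root, rel)
        if not p.is_file():
            report["missing"].append(rel)
            continue
        if sha256_file(p) != digest:
            report["altered"].append(rel)
        if entropy(p.read_bytes()[:65536]) > ENTROPY_LIMIT:
            report["high_entropy"].append(rel)
    return report

def demo():
    """Constructed sample: three records backed up; the restore loses one, scrambles one."""
    records = {"a.txt": b"patient A: insulin 4 units\n" * 50,
               "b.txt": b"patient B: glucose 15 g\n" * 50,
               "c.txt": b"patient C: no known allergies\n" * 50}
    # Deterministic stand-in for ransomware ciphertext (4096 pseudo-random bytes).
    scrambled = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for name, body in records.items():
            Path(src, name).write_bytes(body)
        manifest = build_manifest(src)
        Path(dst, "a.txt").write_bytes(records["a.txt"])
        Path(dst, "b.txt").write_bytes(scrambled)
        return verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

The same entropy check can be run on source files before they are backed up, which is the “already encrypted” case the bullet describes; formats that are compressed by design (images, archives) need an allowlist or a different signal.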

Notable Backup and Recovery Approaches: 2026

For 2026, the market is divided between security suites and specialized cloud platforms:

  • IDrive: Frequently cited as the “Best Cloud Backup Overall,” it covers an unlimited number of devices under a single plan.
  • Acronis Cyber Protect: Highly rated for integrated cyber-protection, combining full-image backups with active anti-ransomware scanning. It uses Universal Restore technology, allowing you to restore an entire system image to different hardware.
  • Backblaze: The leader in “set-it-and-forget-it” simplicity, offering unlimited storage for a single computer. Its Inherit Backup State feature lets a new installation resume an existing backup without starting from scratch.
  • CrashPlan: An enterprise-grade platform specifically built for resilient ransomware recovery. It offers continuous protection with immutable backups and strictly compartmentalizes data per user to protect against both external hackers and internal “rage deletion.”

Decision Checklist

Before you hit “subscribe,” check these three factors:

  • Upload Speed: If your internet is slow, Backblaze or IDrive allow you to “seed” your first backup by shipping them a physical hard drive.
  • Versioning: Ensure the plan allows for at least 30 days of versioning. CrashPlan offers unlimited versioning, allowing you to roll back to a point-in-time before the infection.
  • Immutability: Check if the service offers “read-only” archives that cannot be deleted or altered by ransomware.

Ultimately, whether facing an AI-driven breach or an internal error, healthcare providers must be fully prepared. By combining robust automated backup solutions with rigorous incident response planning, hospitals can ensure they never have to permanently “go analog.”


(Lisa Vaas is a seasoned freelance journalist and content marketing professional with over 25 years of experience writing about technology, cybersecurity, careers, science, and health. She can be reached at LisaVaas@lisavaas.com, lisavaas@securitypointbreak.com, or via LinkedIn.)

Image Adapted: Warner Bros. Discovery
