With 12 million viewers per week, 5 debut Emmys, and a lovable cast, it’s safe to say that HBO’s “The Pitt” is currently one of the hottest topics in media. Though our favorite doctors and nurses continue to save lives in the Pittsburgh Trauma Medical Center, season two has introduced a brand new anxiety-inducing twist: Ransomware.
An industry full of high-value, sensitive data, healthcare organizations are frequently targeted by bad actors, with the American Hospital Association stating that stolen health records often sell up to ten times more than stolen credit card numbers on the dark web. In addition, the cost to remediate a breach in healthcare is nearly three times that of other industries.
Much like the 2024 Change Healthcare breach, which threatened patients’ access to care, disrupted clinic operations, and cost the organization over three billion dollars, this season shows the PTMC Emergency Department facing the threat of compromise, and reveals what’s at stake for organizations facing ransomware attacks.
So, what has The Pitt season 2 taught us about ransomware?
Backups Aren’t Enough
As area hospitals are targeted and systems go down across the show’s hospital network, we begin to see the true chaos of a ransomware attack unfold. Even at The Pitt, where the shutdown is proactive and preventative to avoid a wider system attack, doctors and nurses alike are suddenly unable to access the applications and databases that streamline patient care, leaving the team struggling. While healthcare’s compliance regulations often require backups, the ED’s struggles expose the need for organizations to not only have backups, but a way to safely restore them, such as recovery to an uncompromisedseparate account, or “clean room”, and quarantined backups to avoid reinfecting systems.
DR Testing is a Necessity
As of April 2nd, the PTMC Emergency Department approaches hour 6 of their ransomware crisis with a full waiting room and no sign of system recovery in sight. The unknown plan forward adds to the growing tensions on the floor, showing viewers that every second counts when facing an attack in a healthcare context, along with exposing the need for tested and trusted resilience strategy, defined objectives and recovery testing.
Disaster and cyber recovery testing is what separates a theoretical plan from a reliable outcome. Without regular testing, organizations have no way of knowing whether their recovery time objectives and recovery point objectives are achievable or just aspirational. Testing exposes hidden dependencies, misconfigurations, and gaps that only surface under real failure conditions, giving teams a chance to fix issues before a disaster strikes. In the cloud, where environments are constantly changing, continuous DR testing is critical to guarantee that applications, infrastructure, and data can be restored quickly, securely, and completely when it matters most.
Ransomware is an Operational Crisis— Not Just a Security Crisis
While the IT department is responsible for ensuring that an organization has an actionable resilience strategy, season 2 of The Pitt shows us that downtime from ransomware impacts all areas of an organization. Patients are left unattended to, communication between departments is hindered, and the overall quality of service plummets without access to critical applications and databases, proving that everyone from clients to employees suffer when an organization is ill prepared for disaster. The show also underscores what true recovery actually requires: not just restoring data, but ensuring that data is clean and trustworthy, recovering it in a safe environment, and bringing full infrastructure back online. From clients to employees, everyone feels the impact when an organization isn’t prepared to recover completely and securely.
What’s Next?
While we don’t know what additional challenges our favorite doctors and nurses will face in season 2, it is clear that attacks on healthcare organizations need to be prepared to recover before disaster strikes to protect sensitive data, business continuity, and the access/quality of patient care.
Organizations can prepare for cyber disasters by leveraging Arpio, the only disaster and cyber recovery solution built for the cloud. With support across over 100 cloud native resources across dozens of services in AWS and Azure, seamless testing, and world class clean-room recovery out of the box, Arpio ensures secure and speedy recovery when disaster hits.
Request a demo today to learn more about how Arpio can ensure total recovery for your organization: request-a-demo
