Ransomware in the ER: protecting patient care when every second counts

It doesn’t take long.A patient arrives at the emergency department with chest pain. But the triage system is down. Patient records are inaccessible. Imaging won’t load. Nurses switch to pen and paper. Ambulances are redirected. Meanwhile, a ransomware message flashes across every screen: your systems are encrypted.

This isn’t just a scenario: in 2020, Düsseldorf University Hospital was hit by a ransomware attack that forced an ambulance to be diverted. The patient died. It was the first time a cyberattack was investigated as a potential cause of death in Europe. And incidents like these continue to happen.

Just last year, hospitals in France and the UK faced ransomware-related outages that delayed surgeries and disrupted diagnostics. The threat isn’t new. But the urgency to prepare has never been higher.

When digital failure becomes a clinical risk

Healthcare has no margin for digital downtime. Emergency care is fast, complex, and depends on access: to data, to systems, and to one another. When systems fail, care slows. And sometimes, it stops.

Backups help. But backups don’t guide decision-making in the moment. They don’t tell you which patients are most urgent, or which medications have been administered.

When systems fail, frontline staff feel the pressure. The burden shifts to people. And they need more than good intentions to keep care moving.

From technical recovery to care continuity

Most hospitals approach cyber readiness through a technical lens: firewalls, backups, and recovery timelines. But ransomware doesn’t just lock data it locks decision-making. That’s why care continuity requires more than just IT infrastructure.

When systems go down, hospitals must have clear command-and-control protocols that function without digital tools. Leadership must be ready to coordinate decisions even when screens go dark. Clinical teams need fallback workflows, manual procedures that can be deployed without hesitation to keep patient care moving. These workflows shouldn’t exist only on paper; they should be familiar, practiced, and integrated into day-to-day readiness.

Resilience also depends on collaboration across silos. IT, operations, and medical leadership must train together in cross-functional simulations to understand how disruptions cascade across departments. And when communication platforms fail, hospitals must be able to rely on secure alternatives that don’t depend on the same infrastructure under attack.

Because resilience isn’t about avoiding disruption. It’s about delivering safe care when disruption strikes and ensuring your people are empowered to do exactly that.

The executive responsibility

Digital disruption is not an IT issue. It’s an executive issue.

When systems fail, patient outcomes are at risk. Reputations are on the line. And teams are looking for leadership that’s calm, clear, and prepared.

Boards and leadership teams must embed cyber crisis planning into clinical governance. That means understanding not just how to restore systems, but how to maintain safe operations while systems are down.

A call to reflect

If your ER systems failed tomorrow, what would happen in the first 10 minutes?Who leads? How do you maintain patient safety? And how long can you sustain that?

Cyber resilience in healthcare isn’t about preventing every attack. It’s about protecting lives, even in the middle of one.

Let’s talk about how to build that kind of readiness.