Explore our Topics:

Would your hospital survive 48 hours without Epic? Lessons from the wargame trenches

Cyber downtime can last weeks in hospitals, putting patients at risk and making tested business continuity and shadow outage plans essential.
By admin
Jan 16, 2026, 4:23 PM

The widespread global outages in recent years affirmed the inevitability of cyber-induced downtime as well as the impact to business operations and revenue. But healthcare has even more at stake during downtime: patient care quality and safety. 

The average downtime for hospitals after a major IT or cyber disruption is more than four weeks. Some outliers, such as the 2021 cyberattack on Ireland National Health Service Executive, experience months of downtime and/or service disruptions.  

Financially, extended downtime in healthcare cost about $14.7 billion, according to 2023 Comparitech data, with ransomware and recovery costs driving up those costs. Recovery costs, potential litigation, a loss of reputation, and lost business also add to the impact to the bottom line. 

For patients the impact can be more severe. Anecdotally, nurses and patients share stories about missing medications, long wait times, and crowded waiting rooms at neighboring hospitals near the impacted provider. Meanwhile, the massive Change Healthcare incident in 2021 caused patients to miss life-saving medications and/or checking into hospitals to receive life-saving medications when they could not fill them at the store.


2026 State of Cybersecurity in Healthcare Virtual Summit, Jan. 20: Visit for more info and to register.


Stakeholders have long urged providers to create business continuity plans to support offline providers during an incident. These policies should include communication plans, leadership roles and responsibilities, and training for employees. Business continuity plans should be rooted in how to keep the hospital running safely for up to the average downtime of four weeks – including backup processes for mission critical tech and procedures. 

The key is to identify the systems needed to maintain patient care and tie them into well-practiced response plans. 

Putting the plan into action

Awareness in healthcare is at an all-time high, with many healthcare delivery organizations shifting to a more proactive cyber approach to supported by business continuity and incident response plans. There are ample free resources to support care delivery organizations, checklists for compliance, and standards to be tailored to each organization. 

Having a business continuity plan, however, is not enough if staff have not been trained in working offline. Unplanned downtimes can cause chaos, especially for organizations that have not performed tabletop exercises to test the implementation of incident response plans. 

Researchers from UCSD’s Center for Healthcare Cybersecurity have long advocated for simulating ransomware attacks in the hospital setting to demonstrate how hard it is to maintain care during an outage, particularly if clinicians are unaccustomed to working offline. These test simulations have consistently affirmed these challenges, while identifying key measures to support hospital frontline workers. 

A “shadow outage”, or a simulated attack scenario will replicate a real-life outage by shifting staffing to manual, paper procedures to assess pain points, identify gaps, and expose flaws in the plan. This can allow cyber and IT teams to review these plans and work on vulnerabilities before an actual outage. 

These simulations are especially helpful for high-risk hospitals, where there are a higher number of medical devices due to NICUs and other intensive care technology needs. Data projects there will be 7 million NICU and PICU connected devices globally this year. 

With outages, every minute counts and these real-world scenarios can support all healthcare delivery organizations better prepare and support clinicians with their response. 


From operational resilience to next-gen defense strategies, deepen your security perspective with peers and experts at ViVE. Cybersecurity Zone @ViVE 2026


For Suncoast Health, their simulated downtime provided their team with the information needed for an effective incident response. Join their SVP, Chief Digital & Information Officer Jim Feen and CISO Matthew Shaw in DHI’s 2026 State of Cybersecurity in Healthcare Virtual Summit (Jan. 20), as they walk through the raw, unedited results of their 48-hour wargame and share the ‘Incident Command’ checklist every hospital needs before the next real attack hits. 


Show Your Support

Subscribe

Newsletter Logo

Subscribe to our topic-centric newsletters to get the latest insights delivered to your inbox weekly.

Enter your information below

By submitting this form, you are agreeing to DHI’s Privacy Policy and Terms of Use.