How does TV’s most realistic medical drama handle information security?

What ‘The Pitt’ teaches us about real-world hospital cybersecurity challenges

Takeaways

• The latest season of HBO’s medical drama The Pitt explores the challenges hospitals face during ransomware attacks.
• Even hospitals not directly infected with ransomware, like the fictional hospital on The Pitt, may shut down their networks as a precaution in response to ransomware threats.
• Many hospitals rely on virtual desktop infrastructure (VDI), so shutting down the network can effectively turn off most hospital computers.
• Switching to paper records during a cyberattack can lead to chaos and increased risks for patient health, as evidenced by real incidents.

Here at Barracuda, we enjoy a good TV show as much as the next company, and The Pitt is among the best. A realistic and optimistic hospital drama centered around the fictitious Pittsburg Trauma Medical Center, which is affectionately known as the Pitt, the program has been the subject of plenty of watercooler conversation. Recently, the volume of that conversation has turned up as this season’s arc comes into focus: a ransomware attack that affects several nearby hospitals, prompting the emergency room to shut down its network as a preventive measure.

Forcing doctors trained on digital recordkeeping to rely on pen, paper and carbon copies makes for compelling drama. But does this season’s plotline ring true for cybersecurity experts? While this season’s medical storylines are incredibly vivid (who can forget that poor women with necrotizing fasciitis!), what aspects of information security realism have been sanded down for mass consumption?

Do ransomware attacks really work like that?

Let’s recap: The Pitt was not infected with ransomware. Only its neighboring hospitals were. Despite this, the Pitt still shuts down its internal network as a precautionary measure, disabling all wired and wireless connectivity between systems. But is this really the best approach?

Hospitals are notoriously vulnerable to ransomware. In fact, just as the first episode in the ransomware storyline went to air, the University of Mississippi Medical Center was forced to shut down networks in all 35 of its clinics. Just as in The Pitt, the medical system disabled computers even at hospitals that weren’t infected.

If a hospital system faces the possibility of an attack — even if an attack isn’t currently manifesting — the most important first step is to shut down access to the public internet. This would disrupt any attack at the command-and-control level. The next step is to disable Wi-Fi, which would prevent insider threats or compromised endpoints from acting autonomously. So far, all of this rings true.

How do ransomware shutdowns affect doctors?

One detail that initially rang false was that shutting down the network also shut down the hospital computers. Surprisingly, however, it turns out that hospitals have invested heavily in virtual desktop infrastructure (VDI). As far back as 2014, 65% of hospitals were planning to implement this technology. Adopters cited the low cost, ease of use, and lack of obsolescence compared to traditional endpoints.

Because a server in the public (or private) cloud is what provisions a thin client with its storage, compute and memory, turning off the internet also turns off the computers at The Pitt. But that’s not the only consequence. Broadly speaking, turning off the hospital computers causes chaos, making it harder for doctors to make diagnoses, communicate their findings and dispense medications.

In real life, a sudden switch to paper records also increases the risks to patient health. As recently as June 2025, a ransomware attack in the UK increased wait times for a critical blood test, causing a patient death as a direct result. In 2023, a publication called STAT News calculated that:

“In normal times, roughly 3 in 100 hospitalized Medicare patients will die in the hospital. During a ransomware attack, that number goes up to 4 out of 100. From 2016 to 2021, we estimate that ransomware attacks killed between 42 and 67 Medicare patients.”

This season of The Pitt isn’t over yet, and if none of its fictional patients die due to ransomware, the writers will have spared us from a very depressing plotline.

Where does The Pitt get ransomware wrong?

One narrative conceit of The Pitt is that it takes place in real-time, with each episode of the show corresponding to an hour of a hospital shift. This helps the audience understand the grueling pace of emergency medicine as we watch the show’s beloved characters get ground down by 15-hour shifts.

Because audiences enjoy happy endings, it’s likely that this season will end with the cast breathing a sigh of relief as all the computers turn back on. But in real life, shutdowns due to ransomware can last for weeks. Between 2017 and 2025, hospitals affected by ransomware experienced 17 days of downtime on average. This equates to $1.9 million of lost revenue per day.

Although the hospital depicted in The Pitt is not directly affected by ransomware (at least as far as we know), proving this fact would still take a long time. This process would involve taking snapshots of the hospital infrastructure and comparing them against known good backups. If an application exists on the snapshots but not the backups, it could be assumed to be malicious.

Because it’s impossible to prove a negative — and because ransomware is excellent at hiding itself — performing due diligence could take hours or days. But The Pitt is fiction, so we can expect that its downtime will only last as long as is narratively convenient.

Cancel your ransomware drama with Barracuda

Because The Pitt is such a good show, we hope it lasts for a good long time (six seasons and a movie!) But when it comes to real-life information security drama, we hope to nip it in the bud before it ever goes to air. Our ransomware solutions are designed to intercept phishing emails, safeguard application access and preserve your data. Sign up for a free consultation and learn how our expertise can protect your business from ransomware.