No Systems, No Problem: The Phased Plan That Keeps a Hacked Hospital Running - UNH
Why It Matters
By detailing a practical, low‑tech continuity plan, the hospital shows how health providers can limit revenue loss and patient‑care disruption during cyber incidents, setting a template for industry resilience.
Key Takeaways
- •Hospital split response into “dark” and “twilight” phases after cyberattack.
- •Twilight phase supplies clean laptops with Excel for supply‑chain tracking.
- •Radiology uses modality‑direct image export onto laptops for manual reads.
- •Laptop swap system enables temporary reporting without network connectivity.
- •Plan prioritizes continuity but acknowledges unsustainable long‑term workload.
Summary
Hospital officials outlined a phased response to a ransomware‑induced outage, dividing recovery into a “dark” period (0‑24 hours with no technology) and a “twilight” window (24‑72 hours) where limited, sanitized tools are reintroduced.
During the twilight phase, the supply‑chain team receives clean laptops equipped only with spreadsheet software to track inventory, avoiding paper‑based chaos. Radiology engineers created a “sneaker‑net” workflow: images are exported directly from modalities onto a laptop, paired with patient charts, read by radiologists, and reported in Word before the device is swapped for the next case.
The speaker emphasized that these stop‑gap measures are “not sustainable for a long time,” but they provide a functional bridge between total shutdown and full system restoration. Examples included the inability to manage supplies on paper and the manual hand‑off of imaging data without network access.
The approach highlights the need for pre‑planned offline contingencies, showing how health systems can preserve critical operations, protect revenue, and maintain patient safety while rebuilding cyber‑compromised infrastructure.
Comments
Want to join the conversation?
Loading comments...