“The Pitt” Is Fiction. The Cyberattack Isn’t.
If you’re a hospital CISO, there’s a good chance someone on your leadership team has watched HBO’s “The Pitt” and asked you a version of the same question: could that happen here?
Ransomware attacks against hospitals hit record levels in 2025, and the consequences – diverted patients, lost records, delayed care, and worse – are well documented. But here’s what matters more than the question itself: for the first time, hospital cybersecurity is gaining the visibility it deserves with key leaders beyond CISOs, who have been advocating for better attack prevention for years.
The Setup
In Season 2 of “The Pitt,” two neighboring hospitals are hit by ransomware. To protect its own systems, the fictional Pittsburgh Trauma Medical Center preemptively shuts down its entire IT network – forcing staff onto paper charts, fax machines, and manual lab orders. The chaos leads to a missed life-threatening diagnosis. It’s dramatic television, but medical and cybersecurity experts have praised the storyline for its accuracy.
The real world isn’t far behind. According to the Ponemon Institute, 93% of healthcare organizations experienced common cyberattacks in the past 12 months, and research shows that mortality risk rises significantly during active incidents – not just at the hospital under attack, but at neighboring facilities overwhelmed by diverted patients.
How the Fictional Cyberattack Could Have Been Circumvented Without Taking Critical Systems Offline
The cyberattack never breached Pittsburgh Trauma Medical Center in the episode because the team shut off all IT devices, but less disruptive tactics could have reduced the risk. What’s more, a blanket IT shutdown doesn’t account for IoMT (the Internet of Medical Things): connected medical devices that are often overlooked from a cyber-risk perspective.
Here’s how each stage of the attack maps to capabilities that can prevent or contain it without going dark:
Network Segmentation: When Westbridge and Dominion were hit during the show, the ransomware was able to spread because hospital networks often lack proper segmentation between IT and IoMT environments. With device-specific segmentation and microsegmentation policies in place, The Pitt could have isolated its connected medical devices from the compromised network traffic – keeping critical care systems online even as the threat spread across the region.
Anomaly Detection: Before The Pitt’s team even knew the neighboring hospitals were under attack, anomalous network traffic – such as unusual communication patterns between devices or unexpected lateral movement – could have been flagged automatically. Early detection means faster response, and potentially avoiding the need for a full shutdown altogether.
Configuration Control: The show depicts the chaos of going analog – lost records, manual processes, and no way to verify device states. With Configuration Control snapshots of every connected device, the hospital could have reverted to known-good configurations rapidly after an incident, dramatically shortening recovery time instead of operating blind for the duration of the shift.
Incident Response with Packet Capture: When the attack hit, the fictional hospital had no way to investigate what was happening on the network in real time. Automated packet capture – triggered by policy violations or detected anomalies – would have given the security team immediate forensic data to understand the scope of the threat, determine which devices were affected, and make informed decisions instead of resorting to a blanket shutdown.
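The segmentation and anomaly-detection points above, as an added example (not part of the original article or any vendor's product): a device-specific allow-list checked against flow records, flagging lateral movement, IT-to-IoMT crossings, and unmanaged devices. All addresses, device classes, and ports are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

IOMT_NET = ip_network("10.30.0.0/16")  # constructed IoMT address range

# Constructed asset inventory: source IP -> device class.
INVENTORY = {
    "10.30.1.5": "infusion_pump",
    "10.30.2.7": "patient_monitor",
    "10.30.3.9": "ct_scanner",
}

# Device-specific allow-list: the only (peer, port) pairs each class may reach.
POLICY = {
    "infusion_pump": [("10.20.0.10/32", 443)],      # pump management server
    "patient_monitor": [("10.20.0.20/32", 2575)],   # HL7 interface engine
    "ct_scanner": [("10.20.0.30/32", 104), ("10.20.0.30/32", 11112)],  # PACS
}

# Constructed flow records: (source, destination, destination port).
FLOWS = [
    ("10.30.1.5", "10.20.0.10", 443),     # pump -> its server: allowed
    ("10.30.3.9", "10.20.0.30", 104),     # scanner -> PACS: allowed
    ("10.30.2.7", "10.30.1.5", 445),      # monitor -> pump over SMB
    ("10.30.1.5", "203.0.113.50", 443),   # pump -> unknown external host
    ("10.10.4.22", "10.30.3.9", 3389),    # IT workstation -> scanner
    ("10.30.9.99", "10.20.0.10", 443),    # device missing from inventory
]

def classify(src, dst, dport):
    """Return None for an allowed flow, otherwise a short reason string."""
    src_ip, dst_ip = ip_address(src), ip_address(dst)
    device = INVENTORY.get(src)
    if device is None:
        if src_ip in IOMT_NET:
            return "unmanaged-device"      # on the IoMT range but not inventoried
        return "it-to-iomt" if dst_ip in IOMT_NET else None
    if any(dst_ip in ip_network(net) and dport == port
           for net, port in POLICY[device]):
        return None
    # Device-to-device traffic inside the IoMT range is the lateral-movement case.
    return "lateral-movement" if dst_ip in IOMT_NET else "policy-violation"

def audit(flows):
    """Return (src, dst, dport, reason) for every flow the policy does not allow."""
    return [(s, d, p, r) for s, d, p in flows if (r := classify(s, d, p))]

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

In practice the same findings would be the natural trigger for the automated packet capture described above, scoped to the source and destination of each flagged flow.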
The Time is Now to Advocate for Better Healthcare Cybersecurity
Hospital CISOs have been sounding the alarm on healthcare cybersecurity best practices for years. With mainstream visibility into this issue, the time is now for implementing cybersecurity best practices across IT, IoT, and IoMT. “The Pitt” hands CISOs a conversation starter and a forcing function to reduce risk. Here’s how to use it:
- Understand the Visibility Gap in IoMT: Asimily’s 2025 Hospital CISO Report found that 43% of hospital security leaders say complete device visibility is their top unsolved challenge, and only 22% prioritize vulnerabilities by device criticality – the most effective method. If your organization falls into that gap, you aren’t alone, but you also must address the visibility gap to secure your organization.
- Address the Most Crucial Attack Surface: The average hospital has 10–15 connected devices per bed. Many run outdated software, can’t be patched without disrupting care, and aren’t visible to traditional IT tools. When ransomware hits, it’s not just IT workstations that go down – it’s the lab machines, imaging systems, and patient monitors your clinicians depend on. These costly and critical devices cannot be secured through traditional IT cybersecurity solutions.
- Compliance Mandates are Changing for Healthcare: The proposed HIPAA Security Rule update – expected to be finalized in 2026 – eliminates the “addressable” framework and makes virtually all safeguards mandatory: encryption, MFA, asset inventories, annual penetration testing, and 72-hour system recovery. Hospitals that start building toward these requirements now will be ahead. Those who wait risk penalties and operational exposure.
The Tactical Checklist for Reducing Cyber Risk in Healthcare
With limited resources and a clear need for reducing risk, this checklist provides Healthcare
- Close the Cyber Asset Visibility Gap: Leverage a comprehensive cyber asset and exposure management platform that gives you a unified view of every IT, IoT, IoMT, and OT device – including the unmanaged ones.
- Prioritize by Criticality and Exploitability: Move beyond CVSS scores. Focus on devices most critical to care delivery with the most exploitable vulnerabilities. Use a Risk Simulator to model impact before committing resources.
- Break Internal Silos: Establish clear ownership between security, clinical engineering, HTM, and procurement for incident response, device maintenance, and regular audits of cybersecurity posture within the hospital. Never underestimate the power of a security-conscious culture in thwarting a cyberattack.
- Prepare for Cyberattacks Proactively: Maintain Configuration Control snapshots of every connected device for rapid recovery.
- Operationalize Microsegmentation: Get device-specific segmentation guidance that goes beyond generic network policies.
Your Hospital Doesn’t Get a Second Take
In “The Pitt,” Dr. Robby rallies his team through the crisis. Your team doesn’t get a script or a guaranteed happy ending. What you do get is a window – right now – where your entire organization understands why connected device security matters.
Asimily helps hospital security leaders close the gap between awareness and action with comprehensive exposure management across your entire cyber asset attack surface – IT, IoT, OT, and IoMT. Identify your riskiest devices, prioritize effectively, and mitigate threats before they become the next headline.