HBO Max’s enormously popular television series “The Pitt” is receiving plaudits for its realistic depiction of the trials and tribulations of health care in an urban emergency room.
Now in its second season, which premiered on Jan. 8, 2026, the show follows Dr. Michael “Robby” Robinavitch (played by Noah Wyle) and his colleagues through a single 15-hour clinical shift, divided into one-hour episodes. The team treats patients against a backdrop of all-too-common American societal plagues, from substance use disorder to medical bankruptcies and mass shootings.
Spoiler alert: About halfway through the season, Dr. Robby and the staff at the fictional Pittsburgh Trauma Medical Center grapple with chaos ensuing from a less commonly depicted disaster – a hospital cyberattack. The hospital’s network and computers were incapacitated, resulting in scenes of millennial residents struggling with fax machines, laboratory orders disappearing in a shuffle of papers, and constant communication breakdowns culminating in a missed life-threatening diagnosis.
All this might prompt viewers to wonder: Does this actually happen in real life?
As physicians who study cyberattacks and their impact on patient care, we have seen many of the same events depicted in “The Pitt” play out in the real world.
These attacks have severe clinical consequences. In an unfortunate case of art imitating life, the show’s cyberattack story arc began on the same day that the University of Mississippi Medical Center suffered the same fate, resulting in the sudden closure of more than 30 affiliated clinics across the state while also disrupting Mississippi’s only Level I trauma center.
Modern health care is critically dependent on digital technologies, such as electronic health records, laboratory machines and radiology platforms, that shut down when hospital networks are taken offline. Losing access to these tools for prolonged periods of time puts patients’ lives at grave risk.
A ransomware attack sent the fictional Pittsburgh Trauma Medical Center emergency room back to the dark ages.
What’s at stake
The most dire real-life cyberattacks on hospitals involve ransomware, a class of malicious software that encrypts data and locks down computers and networks, demanding significant amounts of cash for the promise of relief. Unfortunately, these events are not rare. Comparitech, a cybersecurity research firm, recorded 445 ransomware attacks on hospitals and clinics in 2025 – a new peak following several years of annual increases.
Such attacks are especially dangerous for patients with time-sensitive emergencies like strokes, heart attacks or sepsis, but they affect hospital outcomes broadly. For example, a 2026 analysis of Medicare data found that hospitalized patients had a 38% higher risk of death during a ransomware attack.
Moreover, the health impacts of ransomware are not…
