Withstanding a Digital Darkness Event
Laura M. Cascella, MA, CPHRM
In Season 2 of HBO’s hit show The PITT, doctors and nurses at Pittsburgh Trauma Medical Center’s emergency department (ED) must take on an increased patient load due to a Code Black at a neighboring hospital. Several episodes after learning of the Code Black, staff at the Pitt learn the reason behind it — a widespread cybersecurity attack. They become aware only moments before their own systems are deliberately taken offline to prevent infiltration.
The loss of systems illustrated in this medical drama — both at the namesake hospital and the neighboring hospital — is referred to as a “digital darkness” event. In 2026, ECRI named unpreparedness for this type of situation as one of its top 10 health technology hazards. The probability of digital darkness events is increasing as technology expands and systems become more integrated. Cyberattacks are only one potential trigger for a loss of technological systems; other causes might include natural disasters, vendor outages, power failures, and technical problems.¹
The fallout from a digital darkness event can be wide-ranging and catastrophic. Patient harm can occur because of information gaps, scheduling issues, compromised medical devices, and more. Healthcare providers and staff members may struggle to execute workflows, document clinical care, engage in optimal decision-making, and provide timely and high-quality care. Healthcare systems can suffer significant financial repercussions, compliance risks, legal risks, and reputational harm. From a cumulative perspective, even a short-lived digital darkness event can take a significant toll.
Healthcare organizations’ increasing dependence on digital systems — for everything from storing crucial patient information, to ordering and managing medications and supplies, to assisting with clinical decision-making, to selecting treatment modalities — emphasizes the criticality of developing a robust and well-practiced disaster recovery and response plan for managing digital darkness events. The plan should span the enterprise because, as ECRI notes, “Preparing for digital darkness is no longer an IT issue alone; it is a core patient safety and organizational resilience challenge.”²
The investment of human and material resources involved in this type of planning is substantial, which sometimes leads organizations to cut corners or develop superficial policies. Although this may save time and money in the short term, it will almost certainly be more costly when disaster strikes. Thus, adopting a proactive rather than a reactive stance to emergency response can help healthcare organizations minimize chaos and effectively manage a digital darkness event when it occurs. Examples of helpful strategies include the following:
- Develop contingency plans for managing various types of workflows (e.g., administrative, clinical, and operational) if systems go down. Involve various stakeholders in contingency planning to gather crucial input on backup protocols and procedures.
- Make sure the numerous steps and nuances of workflows are considered during contingency planning, such as those associated with care delivery and coordination, documentation, communication, test tracking and follow-up, security, and so on.
- Develop detailed guidance for how organizational leaders, clinicians, and staff members should operate in the absence of specific technologies, such as electronic health record systems, email and messaging apps, phone services and fax, electronic scheduling, digital registration and patient identification processes, etc. Keep in mind that a digital darkness event refers to widespread loss of systems, so guidance must account for that scenario in addition to loss of individual technologies.
- Ensure that redundant systems are in place and operational. These systems should back up critical data and applications, and the organization should be able to activate them quickly during recovery. Contingency plans should include the appropriate steps for accessing backup systems and data and who is authorized to do so.
- Specify staff roles and responsibilities during digital darkness events and clearly define governance policies and decision-making pathways and structures so staff know how to escalate issues and ensure a timely response.
- Consider the potential materials and supplies that the organization may need during a digital darkness event and plan accordingly. Examples include analog phones, two-way radios, extra paper, external hard drives and USB drives, preprinted templates and labels, manual medical devices, and more.
- Collaborate with your technology vendors and partners to understand their backup protocols, recovery support processes, and communication methods. This will allow your organization to facilitate a smooth recovery from system failures or downtime.
- Provide clinicians and staff members with comprehensive training on emergency response and recovery during digital darkness events. Discuss the risks involved, and review in detail the organization’s contingency plans and recovery processes. Make sure individuals can demonstrate competency with protocols for care delivery, documentation, communication, operations, etc., during system outages.
- Run digital darkness drills and simulation scenarios at least annually or biannually to reinforce training and competency. Consider using Failure Modes and Effects Analysis to proactively test processes and identify potential gaps.
- Provide ongoing education on best practices for preventing cyberattacks, including strategies for identifying common types of threats and implementing physical and technical safeguards. Although cyberattacks are not the only cause of digital darkness events, they represent a serious and preventable threat.
- Routinely review digital darkness policies and procedures to identify gaps, implement additional safeguards, and account for any workflow or technology changes.
- Work with other healthcare organizations and systems in your area to share best practices, identify lessons learned, and pinpoint any potential gaps in your emergency preparedness, response, and recovery procedures.³
Technology can introduce many improvements and efficiencies in healthcare settings, but a loss of systems can paralyze organizations and lead to severe consequences if safeguards are not in place. Weathering a digital darkness event requires a well-planned and practiced response that accounts for numerous systems, workflows, and scenarios. Investing the time and resources to ensure adequate response and recovery protocols are in place and staff are capable of quickly acting on them is paramount to minimizing harm and ensuring resilience.
Endnotes
1 ECRI. (2026, February 23). When healthcare systems go dark: Why digital outage preparedness is a patient safety imperative. Retrieved from https://home.ecri.org/blogs/ecri-blog/when-healthcare-systems-go-dark-why-digital-outage-preparedness-is-a-patient-safety-imperative
2 Ibid.
3 Ibid.; Southwick, R. (2026, February 17). How 'digital darkness' threatens patient safety. Chief Healthcare Executive. Retrieved from www.chiefhealthcareexecutive.com/view/how-digital-darkness-threatens-patient-safety; American Medical Group Association. (2022 November/December). Are you ready for the digital darkness. Group Practice Journal, 12–17. Retrieved from www.amga.org/resources/solutions-library/are-you-ready-for-the-digital-darkness; Mitchell, A. R. J. (2021). Turning out the lights: The importance of digital health resilience. European Heart Journal — Digital Health, 2(1), 165–166. doi: https://doi.org/10.1093/ehjdh/ztab013