UC San Diego Redefines Cybersecurity in Healthcare


This story appears in its entirety in the UC’s Digital Impact Engine report, published in February 2026.

The UC San Diego Cyber Health initiative has emerged as a national leader in understanding and mitigating the real-world impacts of cyberattacks on healthcare delivery. 

Photo credit: Susanne Clara Bard/UC San Diego Health Sciences

Through groundbreaking research, the team, led by Christian Dameff, M.D. and Jeffrey Tully, M.D., demonstrated how ransomware attacks on one hospital system can ripple across adjacent, untargeted facilities—leading to longer emergency department wait times and reduced survival outcomes. Their studies show that cyber disruptions are not isolated IT issues but public health emergencies that demand coordinated disaster response planning across regional healthcare systems. Dr. Dameff shared his thoughts on some key questions.  

Your research shows that cyberattacks can lead to real-world health consequences. What was the most surprising or alarming finding from your studies?  

Ten years ago, we had no evidence that cyberattacks were impacting patients. Everyone knew it was happening—we had all these horrible stories people were telling—but there wasn’t good research to quantify it or better understand it. One of the most surprising things about our research, which shows that cyberattacks can impact patient safety and well-being, is that we’ve only scratched the surface. Every time I talk to another doctor or nurse who cared for patients during an attack, they share another impact I had never even thought about. We have yet to even begin to understand how big a problem this is. 

UC San Diego is pioneering the field of Cyber Disaster Medicine. Can you explain what that is, and describe what role it should play in future emergency preparedness training for healthcare professionals?  

Cyber Disaster Medicine applies principles from traditional disaster medicine to cyberattacks, recognizing that caring for patients during these events is different from normal conditions. While lessons from natural disasters help, cyberattacks are unique—they involve intelligent, motivated adversaries, occur without warning, lack geographic patterns, and can last for weeks or months. Unlike hurricanes or wildfires, there’s little forewarning, and hospitals everywhere are vulnerable. This emerging field aims to close research gaps, share best practices, and develop strategies to protect patients during prolonged, unpredictable cyber crises.  

Please share an example of how a hybrid response model combining traditional incident command systems with modern IT playbooks was successfully implemented or tested.

Hospitals have strong plans for natural disasters but cyberattacks are rarely included. Emergency managers lacked training for ransomware events, while IT teams had technical recovery plans—creating a gap in coordinated response. To address this, new clinical playbooks have been developed to guide care during cyber incidents, covering critical scenarios like heart attacks, strokes, and cancer treatments. The goal is to minimize patient harm and maintain care quality during prolonged cyber crises. This initiative is in its early stages; next steps include adoption, contributions from clinicians, and continuous updates to create an international standard supported by the best available science.  

Photo credit: Kyle Dykes/UC San Diego Health Sciences

What steps can hospitals and regional healthcare systems take today to better prepare for the ripple effects of a cyberattack—even if they’re not the direct target?  

Ransomware attacks affect not only the targeted hospital but also surrounding facilities, increasing strain and wait times. The best defense is proactive planning: hospitals should form regional coalitions, share resources, and establish agreements for patient diversions and technical support before an attack occurs. Communication and tracking systems are critical since outages can last weeks or months. 

Learn More

👉 Visit the UC San Diego Center for Healthcare Cybersecurity website.
👉 Read UC’s Digital Impact Engine report. Bringing together innovation, security, and operational excellence, the report, released by the Digital Innovation & Technology (DigIT) team, provides readers with a clear view of how technology advances UC’s mission as a whole.  
👉 Read our recent blog post about the DigIT annual report.