Podcast Summary: "Return to code red: hacking the halls of medicine"

Podcast: Click Here (Recorded Future News)
Date: March 17, 2026
Host: Dena Temple-Raston

Episode Overview

In this compelling episode, host Dena Temple-Raston revisits the increasingly frequent and devastating ransomware attacks targeting hospitals, focusing on the human stories behind the headlines. After a fresh cyberattack on the University of Mississippi Medical Center that caused widespread service halts statewide, the episode revisits Sky Lakes Medical Center’s 2020 ransomware crisis to illustrate both the technical and human costs—and to extract lessons for the future of healthcare cybersecurity. Through firsthand accounts, the show draws listeners into what it actually takes for a hospital to survive such an attack, why health care is uniquely vulnerable, and what it would require to turn the tide.

Key Discussion Points and Insights

1. The Immediate Impact of a Modern Ransomware Attack

• Mississippi Incident Context
  [00:02] Dena Temple-Raston describes a February cyberattack on the University of Mississippi Medical Center that crippled the state’s healthcare backbone:

  • Shutdown of EPIC medical records impacted data, medication tracking, imaging, surgeries, and more.
  • Clinics closed, elective surgeries canceled, and hospitals operated on pen and paper.
  • Studies show such attacks increase ER waits and can elevate mortality rates.

• Why the Real Cost Is Hard to Measure:
  "The real cost of an attack like this—financial, human—is much harder to measure." – Dena Temple-Raston [01:45]

2. Case Study: Sky Lakes Medical Center Hack

• Setting the Stage
  John Gady, Sky Lakes' former IT Director, describes the hospital's challenging geography and its critical role as the only local facility [05:46-06:14].

  • “You can’t just go across the block or two miles across town to get to another hospital. You don’t have a diversion option, right?” — John Gady [06:03]
  • The next closest facility is 70 miles away, across a mountain pass—especially treacherous in winter.

• How the Attack Began

  • A nurse reports slow computers and lost email access [06:49].
  • IT traces the cause to a Ryuk ransomware note: “We have taken over your entire network.” – Dena Temple-Raston [07:13]

• Failed Attempt at Containment

  • Initial backup restorations are immediately re-encrypted.
    “Within five minutes, it was being encrypted again.” — John Gady [08:56]

• The Hard Decision: Go Completely Offline
  [09:19] John Gady orders an immediate shutdown:

  • “We made an executive right-in-the-moment decision. We’re shutting everything offline.”
  • 2,500 computers, 600 servers—all functions except directly patient-connected equipment like ventilators, cardiac monitors, and IV pumps.

3. Hospital Life During and After the Attack

• Going Back to Analog:

  • All digital records and systems are replaced by paper, pens, and manual logbooks [11:22].
  • “We bought out pretty much all the paper in our community at Staples and Walmart.” – John Gady [11:48]

• When Analog Breaks Down:

  • By 72 hours, paper processes start to falter—lab test orders by fax become untenable [12:08-12:59].
  • “A stat lab order could take 30 minutes to fax up to the laboratory.” — John Gady [12:49]
  • Staff revert to running orders across the hospital by hand [13:09].

4. How Did It Happen? Anatomy of an Attack

• The Human Factor:

  • The breach is traced to a phishing email offering a bonus [20:19-20:27].
  • “She got an email offering a bonus. She clicked on the link.” — John Gady

• Legacy Technology Exposed:

  • Attackers move laterally across outdated Microsoft systems, using the imaging department as their jumping-off point [20:40].

• Complexity of Healthcare IT:

  • Hospitals are uniquely vulnerable due to a web of old, poorly patched, interconnected devices (MRI, infusion pumps, badge readers, etc.).

  • “An MRI machine can remain a state of the art MRI machine for 15 or 20 years.” — Ophir Levy, former CTO of Medigate [19:10]

  • Security is often intentionally lax to avoid interfering with patient-care devices:
    “They allow just anything to go from side to side because no one wants to interrupt the normal operation of medical devices.” — Ophir Levy [19:39]

5. To Pay or Not to Pay

• Sky Lakes’ Decision
  • Hackers locked systems but didn’t exfiltrate data, so Sky Lakes refuses to pay ransom [21:35].
  • “We’re going to recover and rebuild our network. We can’t tell you how many days that’s going to take, but we’re going to recover.” — John Gady [21:35]

6. Rebuilding, Recovery, and Unexpected Obstacles

• Recovery with No Playbook:

  • Restoration is manual—prioritize which systems come online first.
  • Critical focus: oncology and radiation for cancer patients, who otherwise would have to travel perilous routes for care [22:02-22:43].

• Non-Obvious Failures:

  • Even heating systems for sidewalks are tied into digital infrastructure [23:28].
    “John, I can’t heat the sidewalks. It’s starting to snow outside. And we can’t get patients into our emergency department.”

• Data Recovery:

  • The hospital manages to recover nearly all of its imaging archives—losing only about 146 images out of millions [23:51].

7. The Broader Landscape and Where We Go From Here

• The Epidemic of Hospital Ransomware:

  • In 2025, US institutions paid over $800 million in ransomware demands [24:04].
  • Anne Neuberger, former deputy National Security Advisor:
    “Knowing that ransomware is really driven by financial gain, we need to turn off the spigot, make it riskier, costlier, and harder to conduct those operations.” [24:30]

• The Question of Ethics in Cybercrime:

  • Some ransomware groups debate targeting hospitals; sometimes, they even apologize.
  • Example: Lockbit gave a decryptor to a children’s hospital after a rogue affiliate’s attack in Toronto [24:49].

• Hard-Won Wisdom

  • Sky Lakes took 23 days to recover. Since then, they’ve overhauled their cybersecurity and John Gady has become an advocate:

    “I wish the industry… could have this kind of conversation with every hospital so we could sharpen each other. I’m an evangelist now around this topic. Whoever will listen, we need to talk about this.” — John Gady [26:33]

Memorable Quotes & Moments (with Timestamps)

• “Hospitals and ER departments stayed open, doctors and nurses suddenly had to document patient care the old fashioned way with pen and paper.” — Dena Temple-Raston [00:46]
• “We made an executive right-in-the-moment decision. We’re shutting everything offline.” — John Gady [09:19]
• “But when you hit 72 hours and beyond, you find out that all of those procedures and processes you had for the paper world start to break apart.” — John Gady [12:08]
• “She got an email offering a bonus. She clicked on the link.” — John Gady [20:27]
• “We’re going to recover and rebuild our network. We can’t tell you how many days that’s going to take, but we’re going to recover.” — John Gady [21:35]
• “I wish… when every one of these would happen, that you could get on the line… we could sharpen each other. I’m an evangelist now around this topic. Whoever will listen, we need to talk about this.” — John Gady [26:33]

Important Segment Timestamps

• [00:02] – Mississippi ransomware attack: context and aftermath
• [05:46] – Introduction to Sky Lakes Medical Center and rural hospital challenges
• [06:49] – How the Ryuk attack at Sky Lakes began
• [09:19] – Full-system shutdown and going offline
• [11:22] – Transition to pen-and-paper medical care
• [12:08] – Paper systems and their breaking point
• [17:51] – National scope: hospitals as targets in 2020
• [19:10] – Why medical devices are hard to secure (Ophir Levy’s explanation)
• [20:19] – Attack traced to a phishing email
• [21:35] – Decision to refuse ransom and the road to recovery
• [22:29] – Focus on restoring oncology and radiation
• [23:51] – Saving nearly all medical imaging files
• [24:04] – Anne Neuberger on making ransomware harder/more costly
• [26:00] – 23-day hospital recovery and lessons for the industry

Tone and Takeaways

"Return to code red" mixes urgency, technical insight, and firsthand emotion to show that cybersecurity in medicine is a life-and-death issue. The story avoids jargon and serves non-technical listeners, emphasizing the sheer complexity and fragility of digital health care. In closing, John Gady becomes a sort of missionary for preparedness, urging cross-hospital collaboration and industry-wide learning.

For listeners:
This episode is a clear-eyed look at how modern hospitals fall victim to hackers, why the problem is growing, and what it’s like for the real people tasked with keeping patients alive when the digital lights go out. It’s a must-listen for anyone interested in cybersecurity, health policy, or crisis management.