
How healthcare organizations can build ransomware resilience

Scott Doerr, virtual CISO at Fortified Health Security, previews his upcoming HIMSS26 talk where he will provide a practical framework for building ransomware resilience.
By Jessica Hagen, Executive Editor
Scott Doerr, virtual CISO at Fortified Health Security

Photo courtesy of Scott Doerr

Scott Doerr, virtual CISO (vCISO) at Fortified Health Security, previews his upcoming talk at the 2026 HIMSS Global Health Conference & Exposition in March, where he will discuss how healthcare companies can strengthen their preparedness for ransomware attacks. 

MobiHealthNews: You will be discussing ransomware attacks against healthcare organizations. Can you give us a bit more detail about your talk?

Scott Doerr: My talk focuses on how healthcare organizations can build real ransomware resilience, not just technical defenses. Drawing from direct experience supporting hospitals through ransomware preparedness, response and recovery, I walk through a practical, phased approach that combines assessment, planning, simulation, execution and measurement.

Rather than hypothetical scenarios, the session is grounded in lessons learned from real-world healthcare engagements, including what consistently breaks down during ransomware events and what actually improves outcomes. I’ll cover how organizations can assess their current readiness, identify gaps between security programs and clinical operations, and use tabletop exercises and metrics to measurably reduce downtime and decision-making delays. The goal is to move ransomware from a reactive crisis to a managed operational risk that protects patient care.

MHN: What are some unique challenges in clinical environments related to cyberattacks?

Doerr: Clinical environments (indeed, all of healthcare) face challenges that don’t exist in most other industries. Legacy and unsupported medical devices are widespread and often cannot be patched, creating persistent exposure that traditional security programs struggle to address. At the same time, clinical workflows depend on always-on availability, which limits the ability to take systems offline or apply disruptive controls.

Another major challenge is organizational, not technical. Incident response plans frequently exist but are not integrated with business continuity or clinical workflows, leading to confusion during real events. In ransomware scenarios, decisions are made under extreme pressure, often involving patient safety, regulatory obligations and reputational risk. Silos between IT, clinical leadership and executives can slow response and increase downtime if those relationships haven’t been tested in advance.

MHN: What do you hope attendees learn from your talk?

Doerr: My goal is that attendees walk away with a clear understanding that ransomware resilience is an organizational capability, not a one-time technical fix. Technology matters, but outcomes improve most when executive leadership, clinical teams and security are aligned before an incident occurs.

Attendees will leave with a practical framework for assessing their own readiness, strengthening decision-making under pressure and using tabletop exercises and metrics to drive measurable improvement. Most importantly, I want leaders to see that ransomware preparedness is a patient safety and care continuity issue, not just a cybersecurity problem, and to feel confident they can take concrete next steps to improve resilience in their own organizations.

Scott Doerr's session "Ransomware Resilience: Ensuring Patient Care Continuity Under Cyber Attack" is scheduled for Wednesday, March 11th, from 3:15 p.m. - 4:15 p.m. in Palazzo K I Level 5 at HIMSS26 in Las Vegas.