Company | May 26, 2026 | 10 min read

When the EHR Goes Dark: Why Cyber Resilience Is Now a Patient Safety Issue

 

When a hospital suffers a ransomware attack, the consequences are not confined to the server room. The impact hits the emergency department, the operating theater, and the cardiac care unit. In fact, a peer-reviewed study published in JAMA Network Open found that hospitals neighboring a ransomware-struck facility experienced an 81% surge in cardiac arrest cases as ambulances diverted to their doors—and survival rates for out-of-hospital cardiac arrests at those facilities dropped from 40% to just 4.5% during the attack period. Separately, research by Ponemon Institute and Proofpoint found that 28% of healthcare organizations reported increased patient mortality following a cyberattack.

These facts make one thing clear: healthcare resilience is no longer simply a data security problem; it’s a patient safety imperative.

At the center of every modern hospital's ability to function is a single, irreplaceable system: the Electronic Health Record (EHR). Modern hospitals run on their EHR. It is the system of record for every patient, with critical can’t-miss information on medications, allergies, lab results, imaging orders, surgical histories, and care plans. When the EHR goes offline, clinical teams often revert to paper-based downtime procedures, but those procedures were never designed to sustain a large facility for days or weeks. A Comparitech analysis of 654 healthcare ransomware incidents found that the average downtime for a hospital following a ransomware attack is between 17 and 19 days, with 37% of organizations reporting recovery times exceeding one month.

During that period, care degrades in ways that are hard to quantify but easy to feel on the floor. Medication orders are written by hand and verified from memory. Physicians make decisions without access to a patient's full history. Lab results travel by paper instead of appearing in real time. The risk of adverse events like missed drug allergies, duplicate orders, or delayed diagnoses compounds with every hour the system remains dark. 

To help prevent the adverse outcomes associated with EHR failure, Rubrik is pleased to announce a landmark strategic collaboration with MEDITECH to deliver native cyber resilience integrations for self-hosted and on-premises solutions.

This announcement means Rubrik has native integrations across the three major EHR platforms serving US hospitals—Epic, Oracle Health (formerly Cerner), and MEDITECH—which collectively serve the largest share of US hospitals and have become operational infrastructure just as critical as power and water.

Attackers Don't Just Encrypt Your Data, They Destroy Your Recovery

The most dangerous weapon in modern ransomware is not the encryption of production systems. It is the systematic destruction of backup environments before the attack payload is triggered. Ransomware operators understand that a victim with intact backups is a victim who doesn't pay, so they eliminate the ability to recover first. Indeed, Sophos's State of Ransomware 2024 report found that 94% of ransomware victims had their backup systems targeted during the attack. 

The evidence is unambiguous: attackers target backups, credentials are compromised before the encryption begins, and the window between initial access and detonation spans nearly two weeks. Responding to this threat requires two capabilities that must be built into the architecture of your backup platform—not bolted on as policy settings that a privileged user can override.

 

The Answer: True Immutability by Design and Threat Intelligence That Finds the Clean Copy

True immutability by design means that a backup copy, once written, physically cannot be deleted, encrypted, or modified by anyone—not by an attacker who has stolen administrator credentials, not by a compromised backup server, not even by Rubrik support. This immutability is not a retention lock that an admin can disable through a settings page. It is an architectural constraint: the system simply has no mechanism that permits a backup to be removed during its retention period. 

Rubrik enforces this through multi-party authorization requirements for any security-sensitive operation, with no privileged access pathways that bypass the retention model. For healthcare organizations facing attackers who spend days hunting for and disabling backup systems before triggering ransomware, this design is the difference between having a guaranteed recovery option and having none.

But immutability alone is not sufficient. With an average attacker dwell time of 11 days, backups taken during the intrusion period may already contain compromised data—staging files, dropped payloads, or early-stage encryption activity. Restoring the most recent immutable backup could mean restoring the threat itself. 

This is where threat intelligence becomes essential. Rubrik continuously scans backup data for known malware signatures, ransomware indicators, anomalous file encryption patterns, and suspicious behavioral signals across every snapshot, automatically. When an incident occurs, security teams can immediately identify the last known clean recovery point: the most recent snapshot that predates any evidence of compromise. 

Clinical operations can be restored on trusted data, not on a snapshot that contains the seed of the next attack. Immutability ensures the recovery point exists. Threat intelligence ensures it is actually safe to use.
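The selection rule described above, as an added example (not Rubrik's code or API): pick the newest snapshot taken strictly before the earliest evidence of compromise, rather than the newest snapshot that happens to scan clean. The `Snapshot` and `Finding` types, their fields, and the sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Optional

# Hypothetical record types for this example; not a vendor schema.
@dataclass
class Finding:
    indicator: str                             # signature or anomaly name
    artifact_time: Optional[datetime] = None   # timestamp on the flagged file, if known

@dataclass
class Snapshot:
    snap_id: str
    taken_at: datetime
    findings: list = field(default_factory=list)

def earliest_evidence(snapshots):
    """Earliest moment any scan result points to, or None if nothing was flagged."""
    times = []
    for s in snapshots:
        for f in s.findings:
            # An artifact may be older than the snapshot that first captured it.
            # Clamp to taken_at so a bogus future timestamp cannot move the cutoff later.
            t = f.artifact_time if f.artifact_time else s.taken_at
            times.append(min(t, s.taken_at))
    return min(times) if times else None

def last_known_clean(snapshots):
    """Newest snapshot taken strictly before the earliest evidence of compromise."""
    ordered = sorted(snapshots, key=lambda s: s.taken_at)
    cutoff = earliest_evidence(ordered)
    if cutoff is None:
        return ordered[-1] if ordered else None
    candidates = [s for s in ordered if s.taken_at < cutoff]
    return candidates[-1] if candidates else None  # None: no trusted point is retained

def day(d, h=2):
    return datetime(2026, 5, d, h)

# Constructed sample: nightly snapshots, first artifact written on the afternoon of May 10.
SAMPLE = [
    Snapshot("s08", day(8)),
    Snapshot("s09", day(9)),
    Snapshot("s10", day(10)),
    Snapshot("s11", day(11), [Finding("dropped-payload", day(10, 14))]),
    Snapshot("s12", day(12)),  # scans clean but sits inside the intrusion window
    Snapshot("s13", day(13), [Finding("mass-encryption-anomaly")]),
]
```

On the sample, the newest snapshot without findings is `s12`, but the rule returns `s10`, because `s12` was taken after the first evidence and cannot be trusted on the strength of a clean scan alone.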

 

Rubrik + MEDITECH: Two Integration Paths for Complete EHR Protection

Rubrik’s collaboration with MEDITECH delivers native cyber resilience integrations for full EHR protection. Rubrik offers two paths—one for health systems that have moved to a self-hosted cloud and one for those operating on-premises.

 

 

Rubrik Now Protects All Three Major EHR Platforms

With last week’s announcement, Rubrik has integrations across all three major EHR platforms serving a majority of US hospitals: Oracle Health, Epic, and MEDITECH.

This announcement represents a commitment to the healthcare sector: Rubrik is committed to protecting your most critical applications so that patient care can continue, even during a cyber attack. 

Learn more at rubrik.com/industries/healthcare or contact your Rubrik account team.

 

Any unreleased services or features referenced in this document are not currently available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.

 
