Nurses Week Report: FBI Cyber Warning Puts Hospital Nurses' Downtime Readiness in Focus

Black Book Research six month survey of 480 registered nurses finds 78% experienced an unplanned clinical technology outage in the past year, 64% report no recent realistic downtime drill, and 62% lack confidence administering medications safely without eMAR or barcode scanning

NEW YORK CITY, NY / ACCESS Newswire / May 6, 2026 / Black Book Research today released findings from a national survey of 480 registered nurses examining hospital cyber-downtime readiness from the bedside perspective, as National Nurses Week begins amid heightened federal concern over cyber risks facing hospitals and health systems.

The report, "The Nurse Cyber-Downtime Gap" reframes hospital cybersecurity as a clinical-continuity and patient-safety issue, focusing on whether nurses can safely continue care when EHRs, medication systems, communication tools, networks, and connected devices become unavailable.

According to FBI internet-crime data cited by the American Hospital Association, health care and public health was the top sector targeted for cyberthreats in 2025, with 460 ransomware attacks and 182 data breaches, totaling 642 cyber events. Black Book's findings suggest that while hospital cyber planning is accelerating, bedside readiness may not be keeping pace.

"This Nurses Week, the most important cybersecurity question for hospital leaders is not only whether the organization has a cyber plan," said Doug Brown, Founder of Black Book Research. "It is whether a registered nurse can safely verify an order, administer a medication, reach a provider, identify a patient, and document care when clinical systems are down."

Key Findings

Among the registered nurses surveyed:

• 78% reported experiencing at least one unplanned clinical technology outage or disruption in the past 12 months.

• 64% reported no known realistic downtime drill in the past year.

• 62% said they were not confident their unit could safely administer medications for four or more hours without eMAR access or barcode medication administration.

• 67% raised concerns that downtime materials are not consistently current, trusted, accessible, or clearly understood at the unit level.

• 91% did not clearly report bedside RN inclusion in cyber-downtime planning, tabletop exercises, or clinical-continuity design.

• 55% said backup communication would be unreliable if secure chat, Wi-Fi, phones, or VoIP systems failed.

• 74% said post-downtime reconciliation creates added patient-safety risk after systems return.

• 65% said their unit probably could not or could not safely function for 24 hours without mission-critical clinical technology.

Medication safety emerged as the leading cyber-downtime concern. Sixty-seven percent of nurses selected a medication administration or medication dispensing system as the highest-risk technology failure point. When EHR order access is included, 81% selected medication, dispensing, or order-access disruption as the greatest immediate safety risk.

Only 15% of nurses said their most recent downtime drill included a full medication-administration workflow without eMAR or barcode scanning. Another 39% said medication downtime was not practiced at all, while 22% were unsure.

"If bedside registered nurses are not in the tabletop exercise, the tabletop is incomplete," Brown said. "Cyber-downtime planning must include the people who administer medications, receive critical results, escalate orders, coordinate handoffs, manage family questions, and document care under outage conditions."

Nurse Cyber-Downtime Readiness Index

Black Book also introduced a preliminary Nurse Cyber-Downtime Readiness Index, scoring nurse-reported readiness across six operational domains. The composite score was 37 out of 100, with the lowest-rated areas including bedside RN inclusion in cyber planning, realistic drill frequency, medication fallback readiness, backup communication, and post-downtime recovery workflows.

Black Book said the results point to a measurable gap between written downtime policy and bedside execution readiness. The report concludes that cyber-downtime planning should be tested not only by IT and security teams, but also through realistic unit-level simulation involving nurses, pharmacy, lab, imaging, respiratory therapy, patient placement, transport, informatics, and hospital operations.

Hospital Cybersecurity Strategies for Success

Black Book recommends that hospitals and health systems reassess cyber-downtime readiness from the nurse's point of view. Key priorities include:

• Treat cyber downtime as a patient-safety issue, not only an IT recovery event.

• Conduct realistic unit-level drills involving medication administration, order verification, communication, lab and imaging workflows, transfers, handoffs, and documentation recovery.

• Make medication downtime a standalone safety program covering eMAR, barcode medication administration, automated dispensing, allergy alerts, interaction checks, smart pump integration, and reconciliation.

• Test communication failure independently, including secure chat, Wi-Fi, VoIP, paging, phones, and nurse-call dependencies.

• Treat system recovery as a high-risk clinical transition requiring staffing, audit trails, reconciliation controls, and safeguards against duplicate orders, missed medications, delayed results, and documentation gaps.

• Include bedside registered nurses in cyber tabletop exercises alongside nursing leadership, pharmacy, lab, imaging, respiratory therapy, patient placement, transport, informatics, IT, and security teams.

Methodology

Black Book Research surveyed 480 registered nurses across hospital, health system, hospital-based outpatient, post-acute, and related clinical environments between October 2025 and April 2025 on 5 major themed polls. Respondents included bedside registered nurses, charge nurses, nurse managers, nurse informatics professionals, quality and care coordination nurses, APRNs, and other licensed RN roles with direct or recent exposure to clinical technology workflows.

The survey examined nurse-reported experience with EHR downtime, medication-system disruption, clinical communication failure, downtime-drill realism, paper workflow readiness, backup communication, post-downtime reconciliation, and frontline inclusion in cyber-continuity planning. Percentages are rounded. Some questions allowed multiple responses and may total more than 100%. Industry stakeholders and media may download the report on the Black Book website or by email request to the Press Office.

About Black Book Research

Black Book Research is an independent healthcare market research and public opinion research firm focused on healthcare technology, services, client experience, user satisfaction, vendor performance, and emerging issues affecting healthcare organizations, clinicians, payers, investors, and technology buyers in over one hundred countries worldwide.

Media Contact:

Black Book Research Press Office
Email: research@blackbookmarketresearch.com
Phone: 800-863-7590
Website: blackbookmarketresearch.com

SOURCE: Black Book Research