Nine days. That is how long Brockton Hospital in Massachusetts ran on paper after the Anubis ransomware group hit its systems on April 6, 2026. Chemotherapy appointments were cancelled. Ambulances were diverted. Staff who had never touched a paper chart in their careers were suddenly scribbling medication orders by hand. The hospital did not resume normal ambulance service until April 15. Nine days is a long time when someone needs chemotherapy.

The obvious question people keep asking is whether hospitals should simply go back to paper permanently, or at least maintain parallel paper systems, so ransomware has nothing to encrypt. The question sounds reasonable. The answer is no, and the evidence is not close.

The Death Toll Is the Argument

A 2026 Medicare data analysis found that hospitalized patients face a 38% higher risk of death during ransomware attacks. That number is doing a lot of work. Critics of electronic health records will read it as proof that digital systems are dangerous. They have the causation backwards. The elevated mortality comes from the disruption itself: delayed lab results, inaccessible medication histories, degraded monitoring. Paper does not eliminate that disruption. Paper is that disruption, running continuously, at scale, every single day.

Electronic records exist because paper killed people. Illegible handwriting caused medication errors. Missing allergy information caused anaphylaxis. Duplicate testing happened because no one could find the original results. The systematic evidence for EHR benefits in reducing medication errors is not ambiguous. A 2023 meta-analysis in the Journal of the American Medical Informatics Association covering 47 studies found consistent reductions in prescribing errors after EHR adoption. Returning to paper to avoid cyberattacks is the clinical equivalent of refusing to drive because planes sometimes crash.

The scale of the attack problem is real. Ransomware hit 445 hospitals and clinics in 2025, a new peak. More than 250 healthcare organizations were compromised in 2024, two and a half times the 2021 figure. The University of Mississippi Medical Center's March 2026 attack shut down electronic medical records statewide, cancelled outpatient surgeries, and closed clinics. These are serious harms. They demand serious responses.

Downtime Procedures Are Not the Same as Paper Dependency

Here is where I will grant the other side a fair point: hospitals genuinely need practiced manual workflows for when systems go down. The Szczecin hospital in Poland activated paper procedures within hours of its March 2026 attack and maintained patient care without reported fatalities. Preparedness matters. But preparedness for a power outage does not mean ripping out the electrical grid.

The actual infrastructure gap is not paper versus digital. It is offline encrypted backups that ransomware cannot reach, multi-factor authentication on every account touching patient data, and staff who have drilled downtime procedures recently enough to execute them without panic. The Mile Bluff Medical Center in Wisconsin described its April 22, 2026 attack as "narrow in scope" partly because its clinical teams shifted to downtime procedures without catastrophic delay. That is what good preparation looks like. It is not a clipboard strategy. It is a recovery strategy.

Hospital administrators who are genuinely considering permanent parallel paper systems should price that out: the storage costs, the transcription errors, the staff hours, the physical security requirements for paper records under HIPAA. Then compare that to the cost of air-gapped backups and a real incident response plan.

The 38% elevated mortality during ransomware attacks is an argument for better cybersecurity, not for abandoning the systems that reduced medication errors and saved lives before ransomware existed. Hospitals should invest in offline backups, train staff in downtime procedures quarterly, and implement multi-factor authentication yesterday. The paper chart is not a safety net. It is what we had before we built the net.