A real person showing up is a huge cost and risk. No threat actor will continue an attack on just a hospital like that. The economics make no sense and any money is already extracted. Ransomware shops are very happy to just shotgun the internet from afar.

A far bigger risk is accepting incompetent volunteers if anything.

I didn't say anything about original attacker continuing the attack.

The same answer still applies: That attack vector doesn't have a positive ROI.

The nature of my work helped to quickly sort that out