Healthcare ransomware attacks are on the increase

There has been a leap in ransomware attacks this year on healthcare organisations, including hospitals, clinics, and other direct care providers, according to a report from US tech security company Comparitech.

In the first nine months of 2025, Comparitech recorded 423 healthcare attacks, including 294 on care providers and 130 on other businesses such as pharma companies, billing providers, and healthtech firms.

The number of attacks on the former group is roughly in line with the same period of 2024, but attacks on healthcare businesses rose by 30 per cent.

Among the reasons for the spike could be a high number of attacks on these companies in recent years, raising their profile among attackers, as well as the fact that these businesses tend to deal with multiple healthcare providers, which can give hackers access to a larger number of potential victims through one central target.

The report highlights to recent attacks – against Ascension and Synnovis – which have raised awareness and prompted healthcare providers to "make sure systems are up to date, employees have received cybersecurity training, regular backups are stored, and so on."

That said, there are signs the attackers are switching tactics to target third-party contractors used by the organisations.

Looking at the numbers, almost 7.5m records were breached in the confirmed attacks on health providers, with an average ransom demand of just over $500,000. The most active criminal groups were INC, Qilin, SafePay, RansomHub, and Medusa, and the biggest breach hit US provider Frederick Health.

For healthcare businesses, around 6m records were breached, with an average demand of $530,000, with the top perpetrators Qilin, KillSec, Akira, INC, and SafePay. The biggest attack of the year to date involved healthtech firm Episource.

Photo by Joshua Koblin on Unsplash