International Circuit
Cyberattacks on healthcare sector jumped 14% in first half of 2026
In February, a ransomware attack against the University of Mississippi Medical Center disrupted operations for more than two weeks. In March, a cyberattack on German medical-billing provider Unimed, which services 95% of the nation’s university hospitals and more than half of large clinics, resulted in the theft of sensitive health data for tens of thousands of patients.
In the first half of 2026, cyberattacks on the healthcare sector jumped 14%, slightly more than the overall increase of 11% across all industries, according to data from technology research firm Comparitech. While healthcare providers — such as hospitals and doctors’ offices — saw a moderate rise in attacks, healthcare businesses suffered a significant increase of 35% compared with the second half of 2025 and 110% compared with the same six months from the previous year.
Much of the shift in focus is likely because attackers have recognized that compromising a single provider can provide access to multiple hospitals, says Rebecca Moody, head of data research at Comparitech.
“The fact is that through one central hub, you’re targeting multiple healthcare organizations that often have huge databases or were providing third-party services to hundreds of hospitals,” she says. “Obviously, it puts more pressure on the entity that’s been affected because they’ve then got to answer to all their clients, and if loads of data’s been stolen, it might increase the chances of getting your ransom.”
The latest data shows that healthcare continues to be a popular target for cybercriminals. In February, TriZetto Provider Solutions disclosed a data breach affecting 3.4 million patients at its customers’ facilities, while QualDerm Partners revealed its own breach from December affecting 3.1 million people. In April, the FBI’s Internet Crime Complaint Center (IC3) announced that the healthcare industry had been the most attacked critical-infrastructure sector in 2025.
Hospitals are seeing more impersonation and social engineering-driven attacks, while facing the ongoing challenge of finding and patching legacy devices, says Errol Weiss, chief security officer at Health-ISAC.
“Hospital CISOs I talk to are taking these threats seriously,” he says. “Their No. 1 challenge is having the resources to adequately protect the hospital networks — that means having the budget to recruit and retain experienced cybersecurity talent and acquiring much-needed technology, but structural realities like legacy medical device complexity, always-on clinical operations, and heavy third-party dependence mean that attackers still see plenty of opportunity.”
Ransomware attacks surge across all industries
The healthcare sector is not alone in seeing more ransomware attacks. Businesses overall have seen an 11% increase in attacks in the past six months, compared with the prior period — just a few percentage points under the healthcare sector, according to the Comparitech report. Yet ransomware gangs are targeting healthcare businesses and those vendors servicing healthcare providers, rather than the hospitals and doctors’ offices, the company found.
Ransomware groups such as Qilin have targeted the US healthcare industry, while newer groups, such as The Gentlemen, appear to be focusing more on Europe and other regions, Comparitech’s Moody says.
While healthcare providers saw more overall confirmed and unconfirmed attacks in the first half of 2026 — 247 compared with 163 for healthcare businesses — the businesses faced a surge that more than doubled the number of attacks compared with the same period in 2025, according to Comparitech data. One healthcare provider, the University of Mississippi Medical Center, had to shut down network access across its 35 facilities after a ransomware attack, causing significant disruptions.
Continued healthcare attacks, dire consequences
Healthcare has several factors that attract continued cybercriminal attention, says Health-ISAC’s Weiss. Overlooked security measures — such as hardened remote access and multifactor authentication — mean that attackers can easily gain initial access to systems. In addition, the ransomware-as-a-service (RaaS) model has broadened the pool of potential attackers looking for easy scores.
Finally, providers tend to see far more serious consequences from cyberattacks, leading to hospitals and their vendors tending to pay ransoms, which attracts even more cybercriminal attention. While having backups can reduce the immediate ransom by more than two-thirds, disruption at hospitals can lead to delays in medical care and “excess deaths,” a measure of the real-world outcomes of disruptions to critical infrastructure. In 2024, for example, a Microsoft study found that a ransomware attack typically leads to an increase in patient volume of 15%, nearly 50% more time in the waiting room, and an increase in the number of confirmed strokes (+113%) and cardiac arrests (+81%).
“Hospitals are in a different class because the impact isn’t abstract — cybersecurity is patient safety,” he says. “If an incident causes a prolonged outage affecting EHRs, labs, imaging, medication workflows, or communications, care slows and risk increases; in extreme cases, people could die. That’s why attackers view hospitals as more likely to pay an extortion demand.” Dark Reading
















