The healthcare industry continues to face relentless pressure from cybercriminals, recording an average of 2,443 cyberattacks per week according to recent figures from the Spanish cybersecurity firm Secure&IT. Overall, cyber incidents rose by 18% compared with the previous year, with July emerging as the most active month for attacks, accounting for 30% of total incidents.
“Cybercrime continues to evolve, targeting sectors such as healthcare, industry, services and distribution, all of which handle large volumes of sensitive information and operate critical systems,” explained Francisco Valencia, General Director of Secure&IT. “Healthcare organisations are particularly at risk because an attack can compromise not just data, but also patient safety.”
Rising Attacks Against Healthcare Organisations
According to the ENISA Threat Landscape 2025 report, the majority of incidents affecting the healthcare sector involve ransomware (45%) and data breaches (28%). The number of attacks on medical institutions increased by 10% compared to the previous year, making the sector one of the most frequently targeted worldwide.
Hospitals, laboratories, health authorities, and pharmaceutical companies are among the hardest hit. Attackers continue to rely on ransomware and data theft techniques that severely disrupt healthcare delivery and patient services.
Medical Data Valued at $1,000 on the Dark Web
Medical data is among the most lucrative assets for cybercriminals. Patient records, financial details and other personal identifiers can fetch high prices on underground markets — far exceeding the value of credit card data. Reports show that a stolen medical record can sell for as much as US$1,000, compared to US$5–7 for a credit card and US$2 for a Social Security number.
Such information can be exploited for extortion, fraud, or identity theft, with long-term consequences for both institutions and individuals.
Common Attack Vectors in the Health Sector
Healthcare-focused cyberattacks typically include ransomware, phishing, supply chain intrusions and DDoS attacks. These disrupt data availability and degrade the quality of patient care. According to ENISA, ransomware remains the leading threat, followed by data exfiltration and denial-of-service campaigns targeting system uptime.
Attacks on suppliers and third-party service providers are also increasing, amplifying risk exposure for hospitals and laboratories that depend on interconnected technologies.
“Cybersecurity in healthcare is not optional. It is essential to safeguard patient privacy and ensure continuity of care,” said Francisco Valencia. “Hospitals and clinics must invest in proactive measures such as software patching, staff training, and coordinated public–private security initiatives.”
Regulatory and Strategic Response
The NIS2 Directive, in effect since October 2024, mandates that healthcare institutions implement stronger cybersecurity controls and report major incidents within 24 hours. The regulation aims to reduce systemic risks and improve Europe’s collective cyber resilience.
Public–private cooperation has become a central pillar of this approach, encouraging information sharing and coordinated defence strategies across healthcare networks.
High-Impact Incidents in 2024–2025
In June 2025, several hospitals in the United Kingdom suffered a ransomware attack that forced the cancellation of over 800 surgeries and disrupted critical patient care. Around the same time, Health-ISAC reported major incidents affecting laboratory suppliers in Germany and France, leading to delays in clinical analysis services.
One of the most damaging attacks occurred in February 2024 when U.S. company Change Healthcare was hit by the BlackCat (ALPHV) ransomware group. The breach disrupted payment processing, prescription management, and access to care across numerous facilities, impacting an estimated 100 million individuals. Parent company UnitedHealth Group later disclosed losses exceeding US$2.45 billion related to the incident.
“The consequences of healthcare cyberattacks extend far beyond financial losses,” said Valencia. “These incidents can delay diagnoses, interrupt treatments, and even endanger patient lives. The stakes are not just digital — they are human.”