Ransomware Tops Growing Cyber Threats in Healthcare, Driving Up Breach Costs

Based on the analysis of the state of healthcare cybersecurity between 2009 and 2025, ScienceSoft predicts that by the end of 2026:

  • Healthcare will remain the top industry for ransomware attacks.
  • Over 40% of health systems in the US will experience a ransomware attack.
  • The average cost of a data breach in healthcare will surpass $12 million.
  • The share of hospitals experiencing disrupted care delivery due to ransomware attacks will reach 60%.

Cybercrime in Healthcare — a Chronic Disease

Considering the sensitivity of the data processed by health organizations and the impact of disrupted IT systems on diagnosis and treatment, it’s disturbing to see the relentlessly upward cybercrime trend in numerous cybersecurity reports year after year. ScienceSoft has found that healthcare has been and remains one of the most targeted industries for more than 10 years, and the prognosis for 2026 is not optimistic.

Figure: Cyber Threats to Critical Infrastructure Reported in 2024

Figure: Hacking Incidents in Healthcare by Year

What attracts hackers to healthcare? Firstly, healthcare organizations store vast amounts of sensitive data — a treasure trove for cybercriminals. Secondly, healthcare organizations are willing to pay ransoms to protect patient data from disclosure and avoid disruptions at all costs. Patients and cybersecurity professionals express concerns about data breaches, and rightly so: compared to other industries, healthcare and public health saw the most data breaches in 2024, totaling 206.

What’s behind these numbers? Healthcare organizations tend to rely on existing cybersecurity controls and neglect proactive measures. Technology-wise, hackers outpace the healthcare industry. Health organizations largely depend on legacy systems lacking modern security controls or vulnerability patches.

While many assume cyberattacks require deep technical expertise, the entry barrier for cybercriminals has dropped significantly. Today, even less-skilled actors can craft convincing phishing emails using freely available generative AI tools. Although some adversaries rely on basic tactics, the broader cybercrime ecosystem remains highly organized, often outpacing the cybersecurity readiness of many healthcare providers.

Summing up, the healthcare industry is an easy and lucrative target of cybercrime due to the high value of patient data, easily hackable legacy systems, and a well-known history of paying out ransoms.

Clear Symptoms Behind the Prognosis

Ransomware continues to pose a serious and escalating threat to the healthcare sector. In 2024, healthcare and public health ranked second in ransomware attacks, behind only critical manufacturing. Sophos, a British cybersecurity company, reported that the share of healthcare organizations hit by ransomware nearly doubled, from 34% in 2021 to 67% in 2024.

The consequences of these attacks are severe. In 74% of cases, data was successfully encrypted, and 58% of computers within targeted organizations were impacted, surpassing the cross-sector average of 49%. Between 2021 and 2024, the number of health systems affected increased threefold from 27 to 85, with the share of affected health systems climbing from 6% to 20%. We predict that it will exceed 40% by 2026.

Figure: Number and Share of Health Systems in the US Affected by Ransomware

Several factors contribute to the growth of ransomware attacks against healthcare:

  • Healthcare staff lack the necessary training and security awareness. This insufficient preparedness has made email phishing the leading entry point for cyberattacks, responsible for 63% of all access point breaches in 2024.
  • Healthcare organizations often lack proper patch and vulnerability management and rely on legacy technology with unpatched, easily exploitable vulnerabilities.
  • In 2024, security professionals named the lack of funding for cybersecurity as the top challenge to cybersecurity preparedness. Historically, healthcare organizations have invested 6% or less of their IT budgets in cybersecurity. Hence, understaffed cybersecurity teams and the absence of proactive cybersecurity measures are common challenges.
  • Healthcare is famous for paying ransoms. In 2024, more than half of healthcare victims of ransomware attacks paid more than was demanded initially.
  • Cybercriminals are more organized and prepared. Equipped with advanced ransomware and generative AI, they spend less time preparing and executing attacks.

The spike in ransomware attacks against the health sector contributes to decreased care quality caused by cybersecurity incidents. ScienceSoft predicts that the share of hospitals experiencing disrupted care delivery due to ransomware attacks will reach 60% in 2026.

Figure: Impact of Cyberattacks on Healthcare Services 2024

Healthcare has been among the industries most targeted by cybercriminals for over a decade, and it is also the most costly one for data breaches. The average cost of a data breach in healthcare is growing at twice the rate of other industries, reaching $9.8 million in 2024, up from $6.5 million in 2019 (CAGR: 8.7%). We project that it will surpass $12 million by the end of 2026.

Figure: Cost of a Data Breach in Dynamics 2019–2024

A significant impact of cyberattacks is the loss of sensitive information, including protected health information, which leaves patients vulnerable to identity theft and insurance fraud. ScienceSoft has identified the 10 most significant healthcare data breaches in the US in 2023–2025; 9 out of 10 of those breaches were caused by hacking. The total number of exposed medical records amounted to 273 million.

The largest healthcare data breach in history occurred in February 2024, when Change Healthcare, a UnitedHealth Group subsidiary, was targeted by ransomware. It’s estimated that 190 million medical records (more than half of the population of the United States) were exposed in one breach. The breach cost the company more than $3 billion.

How Will the Prognosis Manifest: Complications or Remission?

With ransomware projected to hit 40% of health systems and disrupt care delivery in 60% of hospitals in the US, as well as breach costs expected to exceed $12 million, the fallout will affect patients, providers, and the broader ecosystem in profound ways.

Patients: Data Leaks, Care Delays, and Diminished Trust

When ransomware paralyzes electronic health record (EHR) systems or imaging software, the fallout of disrupted care is immediate: canceled procedures, delayed diagnoses, and longer hospital stays. Longer hospital stays may translate into increased out-of-pocket expenses or rising insurance premiums. Data breaches expose sensitive health and identity details, putting patients at risk of fraud and financial loss.

Still, the growing frequency and visibility of such incidents may serve as a wake-up call. As patients become more aware of cybersecurity risks and best practices, they may take a more active role in protecting their health data, for example, by being more responsible about credentials to access patient portals and mobile health apps. With public frustration mounting, the pressure may finally tip the scales toward stronger privacy laws and more patient-centered protections.

What can patients do to protect their data? We recommend creating strong and unique passwords, enabling multi-factor authentication when available, logging out of patient portals after use, and being cautious about clicking links in emails or texts claiming to be from healthcare providers.

Healthcare Providers: Under Pressure, but Not Powerless

In 2026, the healthcare sector is expected to continue to battle the wave of cyber threats and suffer damaging effects. Cyberattacks can cause operational setbacks, disrupting scheduling, crashing EHR systems, and derailing billing processes. Clinicians are forced to revert to manual processes and paper, increasing the risk of medical errors. The financial toll is steep: HIPAA penalties, ransom payments, recovery costs, and legal fees strain already tight budgets. Meanwhile, repeated crises exhaust IT teams and clinical staff, causing professional burnout and deepening workforce shortages.

There is a way to reduce these risks. Healthcare organizations must adopt a proactive approach to cybersecurity. A strong first step is investing in layered protection, which includes employee training, new security policies, zero-trust architecture, endpoint protection, incident response, modern backup systems, and legacy system modernization — all supported by skilled security teams.

To ensure these defenses actually work when it matters, organizations should regularly test them through security assessments like social engineering simulations and penetration testing. For organizations unsure where to start, our researchers have shortlisted the top penetration testing vendors to support informed decision-making.

Stronger cybersecurity investment is key to better defense and faster recovery, and budgets are already trending upward, according to a recent HIMSS survey.

Wider Effects: Healthcare Cybersecurity Goes National

The rising wave of ransomware attacks in healthcare is triggering system-wide ripple effects. As threats grow more frequent and disruptive, federal authorities are likely to treat healthcare as critical infrastructure — on par with defense and energy — with expanded oversight and funding.

Regulatory reform is also on the horizon. Prolonged cyber incidents are expected to push lawmakers toward stricter compliance requirements across all critical industries — not just healthcare.

The security sector will likely expand rapidly, with major investments flowing into managed security services and AI-powered defense tools to meet surging demand.

On the global stage, countries could tighten data localization laws, viewing cross-border data flow as a national risk.

If you want more details on the prediction, don’t hesitate to contact ScienceSoft for the complete report.