Healthcare Ransomware Statistics
The manufacturing industry accounted for 456 ransomware incidents totaling approximately $284.6 million in reported payments, while the financial services industry accounted for 432 incidents totaling approximately $365.6 million, and the healthcare industry accounted for 389 incidents totaling approximately $305.4 million.
There was a 264% increased surge of ransomware attacks on healthcare organizations.
The healthcare sector experienced 86 ransomware attacks.
The healthcare, government, and technology industries together represented 53% of all publicly disclosed ransomware activity during Q3 2025.
Ransomware attacks in the healthcare sector accounted for 32% of all incidents in Q3 2025.
The healthcare sector had the highest average ransom payment at $7.5 million
20% of organizations in the healthcare sector experienced ransomware incidents annually.
Ransomware groups claimed 118 healthcare organizations as victims in Q3 2025.
In Q2 2025, ransomware attacks on healthcare organizations accounted for 5.8% of all ransomware attacks.
During Q3 2025, Akira claimed one healthcare industry organization as a victim on their DLS.
Ransomware attacks on healthcare organizations accounted for 7.5% of all ransomware attacks in Q3 2025.
In Q2 2025, there were 92 reports of ransomware attacks on healthcare organizations.
61% of healthcare organizations that had ransomware attacks experienced an average of five such attacks in the past two years.
Ransom payment rates by healthcare organizations declined in 2025 (from 36% to 33% in 2025).
The costliest ransom paid by healthcare organizations in 2025 represented a 60% increase from $771,905 in 2022.
67% percent of healthcare organizations say ransomware attacks had a negative impact on patient care.
The costliest ransom paid (extrapolated value) by healthcare organizations was $1.2 million.
55% of respondents from healthcare organizations believe their organizations are vulnerable or highly vulnerable to a ransomware attack.
56% of healthcare organizations that experienced ransomware attacks say it resulted in delays in procedures and tests.
67% of healthcare organizations that experienced ransomware attacks say it resulted in longer lengths of patient stay.
Between 2019 and 2023, healthcare experienced large losses primarily from ransomware (57.1%), followed by data breaches (28.6%) and other causes (14.3%).
The average duration business operations were affected by ransomware in health care was 70 days.
67% of organisations in healthcare were affected by ransomware.
Healthcare ranked third in June 2025 with 42 ransomware attacks, nearly doubling from 22 in May.
The healthcare sector was the most targeted with 52 publicly disclosed ransomware attacks between April - June 2025.
The healthcare sector dropped out of the top five most targeted industries by ransomware for the first time since Q2 2022.
Healthcare reported the lowest median ransom payment at $150,000.
Social engineering attacks (48%) and ransomware (34%) were the most common types of cyberattacks on healthcare organizations in the past year.
The health care sector had the highest average ransom paid of any industry, at $847,875.
89% of healthcare organisations have the top 1% of riskiest IoMT devices on their networks, which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns and an insecure connection to the internet.
1% of IoMT devices carry KEVs linked to active ransomware campaigns and insecure internet connectivity, impacting 89% of organisations.
20% of HIS (hospital information systems), which manage clinical patient data, as well as administrative and financial information, have KEVs linked to ransomware and insecure internet connectivity, impacting 58% of organisations
There has been a 264% increase in ransomware attacks on healthcare since 2018.
The healthcare sector accounted for 22% of all disclosed ransomware attacks in 2025.
There was a total of 374 tracked healthcare ransomware attacks in 2024.
There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.
The most active ransomware groups targeting healthcare in 2024 were: Everest: 25% of attacks focused on healthcare organisations, INC Ransom: 21.7% of attacks focused on healthcare organisations, Monti: 20.8% of attacks focused on healthcare organisations, Rhysida: 18.5% of attacks focused on healthcare organisations, BianLian: 15% of attacks focused on healthcare organisations, Qilin: 14% of attacks focused on healthcare organisations, and Black Suit: 14% of attacks focused on healthcare organisations.
There was a 32.16% increase in healthcare ransomware attacks from 2023 to 2024.
There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.
61.6% of healthcare ransomware victims reported attacks to the HHS in 2024.
There were 66 ransomware healthcare victims in Q1 2024, 87 healthcare victims in Q2 2024, 99 healthcare victims in Q3 2024, and 121 healthcare victims in Q4 2024.
There was 211 US healthcare ransomware victims in 2023 and 268 in 2024, a 27% increase.
Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.
Only 37.4% of healthcare ransomware victims reported attacks to the HHS in 2023.
The healthcare sector is the third-most targeted sector for ransomware attacks, following manufacturing and professional services.
There was a significant rise in healthcare ransomware attacks in 2024. From Q1 2023 to Q3 2023, healthcare was the 6th or 7th most targeted sector, but it jumped to third position in Q4 2023 and has remained there.
Types of healthcare providers targeted in 2024 were: Physicians' offices accounted for 25% of attacks, general medical and surgical hospitals accounted for 22% of attacks, other health professionals' offices (outpatient centres, family services etc) accounted for 9% of attacks, and dentists' offices accounted for 6% of attacks.