Comparitech researchers have released a study looking at all the healthcare ransomware attacks in the first quarter of 2026. According to the findings, Q1 2026 saw 120 a recorded 120 ransomware attacks on hospitals, clinics, and other healthcare providers. Additionally, business operating within the healthcare sector (such as pharmaceutical/medical manufacturers, medical billing providers, or healthcare tech companies), saw a recorded 81 ransomware attacks.
Interestingly, attacks on providers dipped 15% from the previous quarter, but attacks on healthcare businesses jumped 35%.
Commenting on these findings is Rebecca Moody, Comparitech’s Head of Data Research:
“Our latest quarterly healthcare report highlights how this sector remains one of the most dominant targets for hackers. For the last two quarters, attacks have been consistently high with hackers focusing on healthcare providers and businesses operating within the healthcare industry. This means healthcare providers not only have to safeguard their own systems from attacks but also need to ensure the third parties they’re using are reaching the same standards.
As the most dominant strain for many months now, Qilin’s attack figures far exceed those of other groups. But this isn’t the case when it comes to healthcare businesses. It claimed just three attacks in three months here, despite claiming 550 victims in total across Q1 of 2026. In contrast, it claimed 23 attacks on healthcare companies.
LockBit and The Gentlemen are other key threats to healthcare providers, while INC appears to focus more on healthcare businesses (claiming eight attacks here compared to five on healthcare providers).
The focus on certain sectors by certain groups could be due to the success of certain campaigns within a particular industry, or an attempt to infiltrate a sector that isn’t as saturated/high profile when it comes to ransomware. For example, over the last year or so, we have noted a shift toward healthcare businesses. This could be due to how heavily targeted healthcare providers were in previous years. So, while some groups are still “enjoying” success in this sector, others have found a lucrative opening within companies that still deal with critical healthcare systems/services and/or store key healthcare data but don’t necessarily deal directly with patients.”
You can read the study here: https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/
Like this:
Like Loading...
Related
This entry was posted on April 29, 2026 at 9:01 am and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Healthcare ransomware: Q1 2026 stats on attacks, ransoms, and data breaches
Comparitech researchers have released a study looking at all the healthcare ransomware attacks in the first quarter of 2026. According to the findings, Q1 2026 saw 120 a recorded 120 ransomware attacks on hospitals, clinics, and other healthcare providers. Additionally, business operating within the healthcare sector (such as pharmaceutical/medical manufacturers, medical billing providers, or healthcare tech companies), saw a recorded 81 ransomware attacks.
Interestingly, attacks on providers dipped 15% from the previous quarter, but attacks on healthcare businesses jumped 35%.
Commenting on these findings is Rebecca Moody, Comparitech’s Head of Data Research:
“Our latest quarterly healthcare report highlights how this sector remains one of the most dominant targets for hackers. For the last two quarters, attacks have been consistently high with hackers focusing on healthcare providers and businesses operating within the healthcare industry. This means healthcare providers not only have to safeguard their own systems from attacks but also need to ensure the third parties they’re using are reaching the same standards.
As the most dominant strain for many months now, Qilin’s attack figures far exceed those of other groups. But this isn’t the case when it comes to healthcare businesses. It claimed just three attacks in three months here, despite claiming 550 victims in total across Q1 of 2026. In contrast, it claimed 23 attacks on healthcare companies.
LockBit and The Gentlemen are other key threats to healthcare providers, while INC appears to focus more on healthcare businesses (claiming eight attacks here compared to five on healthcare providers).
The focus on certain sectors by certain groups could be due to the success of certain campaigns within a particular industry, or an attempt to infiltrate a sector that isn’t as saturated/high profile when it comes to ransomware. For example, over the last year or so, we have noted a shift toward healthcare businesses. This could be due to how heavily targeted healthcare providers were in previous years. So, while some groups are still “enjoying” success in this sector, others have found a lucrative opening within companies that still deal with critical healthcare systems/services and/or store key healthcare data but don’t necessarily deal directly with patients.”
You can read the study here: https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/
Share this:
Like this:
Related
This entry was posted on April 29, 2026 at 9:01 am and is filed under Commentary with tags Comparitech. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.