New research from Comparitech, based on data from its worldwide ransomware tracker, finds a 30 percent rise in ransomware attacks on healthcare businesses in the first nine months of 2025.

It recorded 293 ransomware attacks on hospitals, clinics, and other direct care providers -- a similar number to 2024 -- but there were a further 130 attacks on businesses operating within the healthcare sector, such as pharmaceutical/medical manufacturers, medical billing providers, and healthcare tech companies.

Rebecca Moody, head of data research at Comparitech, notes that healthcare providers have suffered frequent attacks in recent years and their response may have led to more attacks in the wider sector. “From the 2024 attack on Ascension in the US, which saw nearly 5.6 million records breached, to the crippling 2024 attack on UK-based Synnovis, which saw Qilin demand a $50 million ransom, there have been many high-profile attacks on this sector. This has raised awareness of the threat of ransomware in healthcare, which, in turn, may have spurred organizations into action. For example, providers may have worked to make sure systems are up to date, employees have received cybersecurity training, regular backups are stored, and so on.”

It’s also the case that healthcare businesses often deal with multiple providers, making them an attractive target due to large amounts of shared data.

Overall 6,049,434 records are known to have been breached in confirmed attacks on healthcare businesses with an average ransom demand of $532,000.

The US has seen the highest number of attacks on healthcare providers and businesses with 257 in total. 74 of these were confirmed with 63 on providers and 11 on businesses. Australia, Germany, and the United Kingdom follow with 15, 13, and 12 attacks, respectively. Australia’s figure represents a significant 67 percent increase against only nine attacks last year.

