Ransomware attacks on the healthcare sector remain stubbornly high, with last year seeing sustained pressure on hospitals, clinics and healthcare-related businesses despite a sharp decline in average ransom demands, according to a new report out today from research site Comparitech .

Through 2025, healthcare providers were targeted by 445 ransomware attacks, up slightly from 437 attacks in 2024, while healthcare-related businesses such as medical billing companies, pharmaceutical manufacturers and healthcare technology firms saw ransomware attacks grow 25% year-over-year to 191 incidents.

The total healthcare sector, including related businesses, saw 636 ransomware attacks through 2025.

The year, notably, saw attacks on healthcare providers decline from late 2024 through to the third quarter of 2025, before ransomware incidents then jumped by 50% in the fourth quarter. Healthcare businesses also saw attacks fall in the first half of the year before growing significantly in the second half.

Data breaches across the sector are believed to have exposed more than 16.5 million records, though Comparitech cautions in the report that the true number is likely higher as disclosures continue to emerge.

Among healthcare providers, 155 attacks were confirmed, accounting for more than 10.1 million breached records. Average ransom demands fell dramatically to $615,000, down 84% from 2024’s average of $3.9 million.

The most active ransomware strains targeting healthcare providers last year included Qilin, INC, SafePay, Sinobi and Medusa, with Qilin responsible for the highest number of confirmed attacks. The U.S. saw the most incidents overall, followed by Australia, the U.K., Germany, France and Canada.

Healthcare-related businesses also experienced a similar decline in ransom demands as average requests dropped to $584,700, down 92% from 2024. The sector recorded more than 6.4 million breached records across confirmed attacks, with the Qilin ransomware group also leading the attack count, followed by Akira, INC, KillSec and Clop.

The report highlights several major breaches in 2025, including attacks on Episource LLC affecting more than 5.4 million people, DaVita Inc. with nearly 2.7 million affected, and a breach of SimonMed Imaging Inc., where more than 1.2 million records were compromised following a Medusa ransomware attack.

Interestingly, Comparitech’s researchers were able to find only two confirmed ransom payments made by the sector last year, suggesting a growing resistance to paying attackers. The report attributes falling ransom demands in part to the rise of ransomware-as-a-service and artificial intelligence-assisted attacks that allow threat actors to scale operations while seeking quicker, lower-value payouts that are more likely to be paid.

“The fact that attacks on healthcare providers appeared to plateau last year while attacks increased overall is positive, but now is not the time to get complacent or take this for granted,” Rebecca Moody, head of data research at Comparitech, told SiliconANGLE via email.

“As our report highlights, healthcare providers are still a dominant focus for hackers because of the amount of disruption these attacks can cause and the amount of sensitive data they have on file,” said Moody. “Healthcare providers are also facing increasing pressure via attacks on third parties. Whether it’s the medical billing service they use or their IT provider, healthcare organizations’ systems are only as robust as the third parties they’re using.”

2025’s statistics also demonstrate the increased speed and volume of attacks from ransomware groups. “As they turn to the likes of AI and ransomware-as-a-service to scale up their operations, gangs are constantly evolving to ensure they’re maximizing their output,” added Moody. “This perhaps goes some way to explaining why we’ve seen such a reduction in the average ransom amount, too. Larger volumes equal lower ransoms. Equally, by issuing these lower demands, hackers are likely increasing their chances of securing a ransom payment.”

Image: SiliconANGLE/Ideogram