The number of ransomware incidents reported by healthcare organizations from 2024 compared to 2023 spiked 32%, according to the “Healthcare Under Ransomware Attack 2025” report by Black Kite Security. This now puts Healthcare as the third most-targeted industry, behind manufacturing and scientific research.
Ransomware groups have shifted their focus to healthcare due to the high ransom potential and the unique pressures within the sector, such as patient safety and operational continuity.
According to the report, “Ransomware attacks on healthcare have increased both in numbers and as a proportion of total attacks.” When it comes to breaches reported to the Department of Health and Human Services, cases jumped from 278 in 2023 to 585 in 2024. This is a 110.4% increase.
Black Kite notes that smaller healthcare practices are a prime target for more aggressive ransomware groups, who may not have the same ethical qualms as their predecessors. That doesn’t leave out larger healthcare companies, however. United Healthcare’s landmark 2024 ransomware incident is now estimated to have affected 190 million victims as of January 2025.
Looking at the makeup of the entire industry, Black Kite’s report shows that about 25% of all ransomware incidents happened at physicians’ offices while medical and surgical hospitals accounted for 22%.
The report underscores the evolving tactics of ransomware groups targeting healthcare, including AI which will evade older tools and adapt in real-time.
To combat cyber threats, organizations need a multi-layered approach: regular offline backups, advanced email filtering, up-to-date Artificial Intelligence, continuous cyber risk monitoring, and multi-factor authentication (MFA). Staying updated on phishing tactics and having a solid incident response plan further boosts resilience.