Ransomware in healthcare is getting worse, even as the numbers go down

Ransomware attacks in the healthcare sector are worsening, despite a reported 14% decrease in incidents during the first quarter of 2026. Although 120 ransomware attacks were registered globally against healthcare providers from January to March 2026, fewer than in the previous quarter, the average ransom demand soared to $16.9 million, up from $577,800 in the previous quarter. These figures tell a complicated story: progress on volume, overshadowed by a growing threat.

According to Comparitech's Healthcare ransomware roundup, 22 of the 120 recorded incidents were confirmed attacks; the remaining 98 were claims posted by ransomware groups that remain unverified. The highest ransom demand of the period, $100 million, was attributed to the NetRunner group's attack on Nippon Medical School Musashi Kosugi Hospital in Japan. The hospital did not pay the ransom, yet it suffered the largest single breach of the quarter, with 131,700 records compromised. That demand helped push the median across all healthcare attacks to $300,000 and the average to $16.9 million, as attackers targeted organizations they believed could yield big payouts.

Fewer attacks, bigger bets

Previously, healthcare ransomware relied on high attack volumes: targeting easily accessible organizations and accepting lower payments from many victims. Now attackers spend more time on reconnaissance and select targets with valuable data and critical operational dependencies, which means healthcare organizations must invest in threat detection and targeted defenses to stop these more deliberate attacks.

Rebecca Moody, Comparitech's head of data research, noted the concentration of targeting: "For the last two quarters, attacks have been consistently high with hackers focusing on healthcare providers and businesses functioning within the healthcare industry. This means healthcare providers not only have to protect their own systems from attacks but also have to guarantee the third parties they're using are reaching the same standards."

In Q1 of 2026, healthcare businesses, billing firms, pharmaceutical companies, diagnostic labs, and managed care vendors experienced 81 attacks, compared to 120 against direct care providers. Despite the smaller number of attacks on businesses, attackers exfiltrated 29 terabytes from them and 13 terabytes from providers. These organizations hold more data per target, which makes them attractive to attackers. The same supply chain weakness was evident in the 2024 Change Healthcare incident.

According to Paubox's 2026 Healthcare Email Security Report, 28% of email-related healthcare breaches in 2025 involved a vendor or business associate. Attackers have learned that a single vendor can be the path to dozens of covered entities.

Who is actually doing this

Qilin dominated Q1 2026 healthcare ransomware activity. It accounted for 23 confirmed and claimed attacks against healthcare providers, more than any other group. That figure requires context. According to CIS MS-ISAC analysis, Qilin claimed 550 total victims across all sectors in Q1 2026. Its healthcare-specific focus, 23 attacks out of 550, is actually lower than its overall market share. Comparitech's Moody noted this explicitly, suggesting that Qilin may have shifted weight toward sectors it sees as less saturated while other groups have moved specifically into healthcare.

Those other groups include The Gentlemen, with 10 attacks on healthcare providers and confirmed incidents in Brazil, New Zealand, and Puerto Rico; LockBit, with 9 attacks, including confirmed compromises in the US and Italy; and INC and NightSpire, which led the activity against healthcare businesses with 8 claims each. The distribution signals an important point: no single group dominates, and disrupting one does not materially reduce risk. When RansomHub went dormant in April 2025, its affiliates migrated to Qilin, BianLian, and DragonForce within weeks.

Qilin's specific approach to healthcare deserves focus beyond the raw numbers. The group's attack on Synnovis, an NHS pathology services provider in London, in June 2024 disrupted roughly 90% of blood-testing capacity across multiple hospitals. It led to the cancellation of over 1,100 surgeries and 2,000 outpatient appointments within the first two weeks, while Qilin exfiltrated 400 gigabytes of data covering an estimated 300 million patient encounters. According to the analysis, the disruption contributed to 170 cases of patient harm, and Qilin leaked the data when no ransom was paid.

In May 2025, at Covenant Health, Qilin spent 8 days within the network before detection. During that time, the group exfiltrated 852 gigabytes of data across 1.35 million files and compromised records of 478,188 patients. This dwell time allowed them to map networks, locate backups, stage exfiltration, and prepare for ransomware deployment. Recognizing that dwell time is often underestimated can motivate healthcare organizations to enhance detection and response capabilities, reducing the window for attackers to cause harm.

What double extortion actually means in practice

The term gets used so often that it has lost its weight. Double extortion means the ransom is not the only threat: before encrypting systems, Qilin and most major groups now quietly exfiltrate patient records, financial data, and operational files. Analysis of Qilin's operational patterns found that exfiltration typically originates from high-privilege service accounts or backup servers, exactly the systems that rarely trigger outbound data alerts. Archives are compressed and encrypted before upload to cloud endpoints to avoid detection.

Exfiltration starts a second ransom clock, because attackers can sell or release the stolen data at any time. For HIPAA-covered entities, publication means a reportable breach, patient notifications, HHS OCR scrutiny, and possible litigation. The payment decision therefore becomes legal, reputational, and operational at once, and attackers count on that leverage.

According to the FBI's 2025 Internet Crime Report, healthcare recorded 460 ransomware attacks and 182 data breaches in 2025, more than any other critical infrastructure sector. IBM estimates the average cost of a healthcare data breach at $9.8 million, the highest of any sector it tracks.

Where the access begins

Qilin's entry points are consistent across documented incidents. They use phishing emails to deliver credential-harvesting payloads, exploit public-facing applications, and use compromised credentials against remote access services like RDP. CIS MS-ISAC analysis of Qilin's tactics confirmed that phishing is the most common documented initial access vector. Stolen credentials to remote access applications are the second most frequent.

Once inside, the pattern is predictable: tools like Mimikatz dump credentials from memory, and lateral movement then happens via PsExec and WinRM, spreading access across the network. Shadow copies, the Windows backup mechanism that would allow recovery of encrypted files without paying, are deleted, and data is staged for exfiltration. Ransomware is then deployed simultaneously across all reachable systems. Every step after initial access depends on that first foothold.
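As an added illustration (not code from the article or from Paubox), the following Python pass runs over a handful of constructed Windows-style events and flags the post-access behaviours described above and in the double extortion section: shadow-copy deletion, PsExec/WinRM lateral movement, and bulk outbound transfer from a backup server or service account. The host names, account names, backup-server inventory, and byte thresholds are all assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample events (hypothetical hosts and users, not from any real incident).
EVENTS = [
    {"host": "ws-0412", "user": "jdoe", "type": "process", "cmd": "outlook.exe"},
    {"host": "ws-0412", "user": "jdoe", "type": "process",
     "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws-0412", "user": "svc_backup", "type": "process",
     "cmd": "psexec.exe \\\\srv-backup01 -s cmd.exe"},
    {"host": "srv-backup01", "user": "svc_backup", "type": "process",
     "cmd": "wsmprovhost.exe -Embedding"},
    {"host": "srv-backup01", "user": "svc_backup", "type": "netflow",
     "dst": "203.0.113.10", "bytes_out": 52_000_000_000},
    {"host": "ws-0099", "user": "asmith", "type": "netflow",
     "dst": "203.0.113.10", "bytes_out": 4_000_000},
]

BACKUP_HOSTS = {"srv-backup01"}   # assumed inventory of backup servers
SERVICE_PREFIX = "svc_"           # assumed naming convention for service accounts
# Shadow-copy deletion removes the free recovery path before encryption.
SHADOW_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
# PsExec client/service binaries and the WinRM remote-session host process.
LATERAL_RE = re.compile(r"\bpsexe(c|svc)(\.exe)?\b|\bwsmprovhost\.exe\b", re.I)
GB = 1_000_000_000

def is_privileged(host, user):
    return host in BACKUP_HOSTS or user.startswith(SERVICE_PREFIX)

def detect(events):
    alerts = []
    outbound = defaultdict(int)  # (host, user, dst) -> bytes sent
    for e in events:
        if e["type"] == "process":
            if SHADOW_RE.search(e["cmd"]):
                alerts.append(("shadow_copy_deletion", e["host"], e["user"]))
            if LATERAL_RE.search(e["cmd"]):
                alerts.append(("lateral_movement", e["host"], e["user"]))
        elif e["type"] == "netflow":
            outbound[(e["host"], e["user"], e["dst"])] += e["bytes_out"]
    for (host, user, dst), total in outbound.items():
        # Backup servers and service accounts rarely need bulk outbound transfers,
        # so a much lower threshold applies to them than to ordinary workstations.
        privileged = is_privileged(host, user)
        if total > (1 * GB if privileged else 20 * GB):
            alerts.append(("exfil_from_backup" if privileged else "bulk_outbound", host, user))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(*alert)
```

In a real deployment the process events would come from Sysmon or Windows event 4688 and the flow records from a firewall or NetFlow collector; the rules stay the same.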

According to Paubox's 2025 Healthcare Email Security Report, only 5% of known phishing attacks are reported to security teams by employees. The phishing email that delivers initial access is overwhelmingly likely to go undetected at the human level. The attacker's first eight days inside the network happen quietly, while clinical staff handle their normal workload.

Pre-delivery filtering is the control that operates before that foothold is established. Paubox Inbound Email Security analyzes sender behavior, message intent, and tone to detect phishing efforts that bypass signature-based filters. This stops delivery before the credential harvest that starts the Qilin attack chain. According to Paubox's 2026 Healthcare Email Security Report, attacks avoiding native email defenses rose 47% in 2025. The filtering gap is not theoretical; it is documented in breach data.

FAQs

If ransomware attacks are declining, does that mean healthcare is getting safer?

Fewer attacks with far higher demands and larger data exfiltration volumes mean attackers are being more selective, not less dangerous. A 14% drop in attack volume, alongside a jump in average demand from $577,800 to $16.9 million in a single quarter, indicates a deliberate shift. Attackers are moving toward higher-value targets and more patient reconnaissance, rather than any meaningful risk reduction.

What is double extortion, and why does it change the ransom calculation?

Double extortion means attackers exfiltrate data before encrypting systems. Organizations with clean backups face a second threat: they pay, or the patient data gets published. For healthcare organizations under HIPAA, publication triggers breach-notification obligations, OCR scrutiny, and potential civil litigation. Restoring from backups does not resolve the second lever.

Why does Qilin specifically target healthcare businesses, not just hospitals?

Healthcare businesses, billing companies, pharmacy chains, diagnostic labs, and managed care vendors hold concentrated patient data without necessarily having the security investment of major hospital systems. In Q1 2026, attackers exfiltrated 29 terabytes from healthcare businesses, compared with 13 terabytes from providers, despite targeting businesses less often. The data density per attack is higher, and the security posture is often weaker.

What single control would most reduce ransomware risk for a small healthcare organization?

Pre-delivery email filtering, because phishing is the documented primary initial access vector for Qilin and most other active groups. Stopping the credential-harvesting email before it reaches clinical staff removes the entry point before any subsequent attack stage becomes possible. Tested offline backups are the second priority because the difference between a recoverable incident and a catastrophic one often comes down to whether clean backups exist and have been verified to actually work.
