Trustwave Blog

Ransomware in Healthcare: Unmasking the Most Targeted Segments and Threat Groups

Written by | Mar 27, 2025
  • Top Targets: Discover which healthcare segments ransomware attackers target the most.
  • Threat Actors Exposed: Learn about the cybercriminal groups behind the biggest healthcare attacks.
  • Real-World Impact: See how ransomware disrupts patient care, emergency services, and medical research.

Ransomware remains the primary threat the healthcare industry faces. However, threat actors do have a preference when it comes to which segment to attack.

Trustwave SpiderLabs’ just-released Healthcare Sector Deep Dive: Ransomware Trends and Impact examines which healthcare sub-industries attract the most attention from threat actors, breaks down which adversarial groups conduct the attacks, and details the impact specific attacks had on their victims.

Healthcare Sector Deep Dive: Ransomware Trends is a companion piece to Trustwave SpiderLabs’ overarching healthcare report, 2025 Trustwave Risk Radar Report: Healthcare Sector - A New Era of Cybersecurity Challenges, and the Healthcare Sector Deep Dive: Unmasking Security Gaps.

 

The Targets and the Attackers

The report contains information on the 11 most attacked healthcare segments, led by Public Health & Government Healthcare Services with 21% of all attacks. Ambulatory Healthcare Services and Hospitals & Medical Centers are the next most impacted.

The threat group RansomHub was discovered to be behind the majority of attacks hitting the entire industry, followed by LockBit 3.0 and Dispossessor.

Ransomware’s Impact

Listing the number of attacks or their cost is, unfortunately, the least meaningful way to measure the effect threat actors have on the healthcare sector. In almost every case, patient care and data are on the line.

Ransomware attacks against hospitals can cripple emergency services, making it impossible for doctors and nurses to access electronic health records (EHRs), schedule surgeries, or provide timely treatments. In some cases, hospitals have been forced to divert ambulances to other facilities, delaying emergency care and putting lives at risk.

Even in cases where patients are not directly at risk, such as when an attacker strikes a medical university or research center, the attack can end up destroying valuable data that could prove crucial for future medical advancements.

Please download the report to learn the details of each case, along with some security recommendations that can be implemented to protect your organization against attack.

There are also three accompanying webinars during which Trustwave SpiderLabs experts will explain the reports’ findings in greater detail.

  • The 2025 Healthcare Risk Radar Report: The latest trends in healthcare cyber threats
  • Deep Dive on Ransomware Trends and Impacts: How attackers are targeting patient care
  • Deep Dive on Unmasking Security Gaps: A real-world attack, analyzed step-by-step

Register here for all three webinars.