Healthcare Cyberattacks Shift Toward Third-Party Providers as Ransomware Threat Grows
What happened
Cybercriminals are increasingly targeting healthcare businesses rather than hospitals themselves, according to new research from Comparitech. During the first half of 2026, cyberattacks against healthcare organizations increased by 14%, outpacing the 11% rise seen across all industries. The sharpest increase was among healthcare businesses, including billing providers and technology vendors, where attacks surged 35% compared with the second half of 2025 and more than doubled year over year.
Several high-profile incidents illustrate the trend. In February, a ransomware attack forced the University of Mississippi Medical Center to disrupt operations across its facilities for more than two weeks. A month later, German medical-billing provider Unimed suffered a cyberattack that exposed sensitive health information belonging to tens of thousands of patients.
Rebecca Moody, Head of Data Research at Comparitech, said attackers increasingly recognize that compromising a single healthcare business can provide access to multiple hospitals and healthcare organizations, making these vendors attractive ransomware targets.
Who is affected
The growing threat affects the entire healthcare ecosystem. Hospitals, clinics, medical billing providers, managed service providers, software vendors, and other third-party organizations all face increased risk.
Recent breaches further highlight the scale of the problem. TriZetto Provider Solutions disclosed a breach affecting 3.4 million patients, while QualDerm Partners reported a separate incident impacting 3.1 million individuals. According to the FBI’s Internet Crime Complaint Center (IC3), healthcare was the most targeted critical infrastructure sector during 2025.
Why CISOs should care
Healthcare organizations remain attractive targets because they manage sensitive patient data while relying on complex technology environments and extensive third-party relationships. Legacy medical devices, always-on clinical operations, and limited cybersecurity resources continue to create opportunities for attackers.
Errol Weiss, Chief Security Officer at Health-ISAC, warned that healthcare incidents have consequences beyond financial losses. Cyberattacks can disrupt electronic health records, imaging systems, laboratories, medication workflows, and communications, directly affecting patient care. Because service disruptions can have life-threatening consequences, healthcare organizations often face intense pressure during ransomware incidents.
As attackers increasingly target suppliers and service providers, CISOs must view third-party risk as a core component of healthcare cybersecurity rather than a separate compliance issue.
3 practical actions
Strengthen third-party risk management by continuously assessing vendors, monitoring external exposure, and requiring strong security controls.
Enforce phishing-resistant multifactor authentication, secure remote access, and regular patching to reduce common attack paths.
Prepare for ransomware by testing incident response plans, validating backups, and coordinating recovery procedures with critical vendors and healthcare partners.


