Ransomware attacks on U.S. healthcare businesses have increased in 2025, even as incidents targeting hospitals and clinics declined, according to a new report from Comparitech published Oct. 9.
Here are five key findings from the report:
- From January through September, 257 ransomware incidents were recorded across U.S. healthcare providers and related businesses, up slightly from 252 during the same period in 2024, Comparitech found.
- Attacks on healthcare businesses — including technology vendors, pharmaceutical firms and billing providers — rose 51%, from 43 to 65. Attacks on hospitals and other care providers dropped 8%, from 209 to 192.
- Comparitech researchers said the shift may reflect growing security awareness among hospitals following a string of high-profile attacks in recent years, such as the 2024 breach at St. Louis-based Ascension, which is headquartered in St. Louis, that exposed data from nearly 5.6 million patients.
- Among confirmed U.S. incidents, Comparitech said the average ransom demand was $514,000 for healthcare providers and $532,000 for healthcare businesses.
- The INC and Qilin ransomware strains were among the most active in healthcare attacks, with INC responsible for the most confirmed incidents against providers and Qilin leading among healthcare businesses.
