Hackers Are Targeting the Companies Behind Your Hospital, Not Just the Hospital Itself

Attacks on healthcare businesses, the billing firms and IT vendors that keep hospitals running, surged 110% in a year. Experts say criminals have figured out that one breach can unlock hundreds of patients at once.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial style, 16:9 framing, full-frame edge-to-edge composition
Share

Key points

  • Cyberattacks on the healthcare sector rose 14% in the first half of 2026 compared with the same period in 2025, according to technology research firm Comparitech.
  • Attacks on healthcare businesses, meaning vendors and suppliers rather than hospitals themselves, jumped 110% year-on-year and 35% compared with the second half of 2025.
  • A ransomware attack in February 2026 forced the University of Mississippi Medical Center to cut network access across all 35 of its facilities.
  • In February 2026, TriZetto Provider Solutions disclosed a data breach affecting 3.4 million patients at its customers' hospitals and clinics.
  • The FBI's Internet Crime Complaint Center reported in April 2026 that healthcare was the most attacked critical-infrastructure sector in the United States in 2025.

Criminals who target hospitals have found a smarter shortcut: go after the companies that service hospitals instead.

Medical billing firms, IT vendors, and software providers sit at the centre of healthcare networks, often holding data for hundreds of hospitals at once. Breach one of them and you reach patients across an entire country. That calculation is reshaping where ransomware attacks, where criminals use malicious software to lock a victim's files and demand payment to unlock them, are landing.

According to Comparitech, a technology research firm that tracks publicly reported breaches, attacks on healthcare businesses surged 110% in the first half of 2026 compared with the same six months of 2025. Healthcare providers, meaning hospitals and clinics, saw 247 confirmed or suspected attacks in that period. Healthcare businesses saw 163. But it is the businesses whose numbers more than doubled in a year.

Why are suppliers being targeted instead of hospitals?

One breach can do more damage. Rebecca Moody, head of data research at Comparitech, put it plainly: through a single central supplier, criminals reach multiple healthcare organisations that hold enormous databases or provide third-party services to hundreds of hospitals. More stolen data means more pressure on the victim to pay, which means a bigger payday.

The ransomware-as-a-service model, where criminal groups rent out their attack tools to other criminals in exchange for a cut of any ransom, has widened the pool of people capable of running these attacks. Barriers to entry are lower than they have ever been.

Hospitals remain attractive targets for a specific reason: the consequences of refusing to pay are uniquely severe. A 2024 Microsoft study found that a ransomware attack at a hospital typically increases patient volume by 15%, stretches waiting-room time by nearly 50%, and is associated with a 113% rise in confirmed strokes and an 81% rise in cardiac arrests in affected areas. Researchers call deaths linked to care disruptions "excess deaths." That pressure makes hospitals more likely to pay, which draws more criminals in.

Errol Weiss, chief security officer at Health-ISAC, an information-sharing body for the healthcare industry, says weak remote-access controls and a lack of multi-factor authentication, where a login requires a second proof of identity such as a text message code, still give attackers easy ways in. Legacy medical devices, equipment running outdated software that cannot easily be updated, add to the problem.

If you are a patient, watch for unexpected letters or emails from your hospital or a billing company telling you that your personal or health information was exposed. If you receive one, consider placing a free fraud alert with a credit bureau. You cannot stop a hospital supplier from being attacked, but you can act quickly if your data surfaces somewhere it should not.

© 2026 Threat Vectr