Healthcare Faces Cyberattack Every 10 Hours – Driven by Known Flaws and High Ransom Payments, Securin Finds

MILPITAS, Calif. & ALBUQUERQUE, N.M.--(BUSINESS WIRE)--Healthcare organizations are being hit by cyberattacks at an alarming rate – about every 10 hours – and attackers are succeeding using vulnerabilities that are already known and fixable, according to new research from Securin.

Ransom payment rates range from 68% to 72%, making the sector one of the most reliable and profitable targets for cybercriminals.

Share

“Ransomware in healthcare has become a repeatable business model,” said Dr. Srinivas Mukkamala, CEO of Securin. “Attackers are walking through doors that were left open – and getting paid for it. Once they’re inside, the disruption is so severe that organizations are often forced into costly decisions – in many cases tied to issues that could have been addressed earlier.”

The problem is getting worse for a simple reason: attackers are succeeding – and once inside, the cost of disruption often forces difficult decisions. Ransom payment rates range from 68% to 72%, making the sector one of the most reliable and profitable targets for cybercriminals.

This isn’t about sophisticated, never-before-seen threats. Every vulnerability exploited in these attacks is already listed in the U.S. government’s Known Exploited Vulnerabilities (KEV) catalog.

Attackers are repeatedly exploiting unfixed, well-documented weaknesses, allowing them to scale attacks quickly using proven, repeatable methods.

The report analyzed 592 incidents across 94 ransomware groups between January 2025 and February 2026:

• 59% of attacks involved ransomware
• 56% targeted U.S.- based organizations

How attackers are getting in

Securin identified 29 actively exploited vulnerabilities, with a clear pattern:

• Authentication bypass is the most common entry point
• VPN and remote access systems account for roughly one-third of initial access
• Attackers often exploit vulnerabilities long after they are disclosed and patchable

Across incidents, attackers follow the same sequence:

• Initial access
• Credential harvesting
• Lateral movement
• Data exfiltration
• Encryption

In many cases, access to healthcare systems is purchased for as little as $2,000 to $50,000, lowering the barrier to entry.

Certain groups – including Qilin, Incransom, and Cl0p – have scaled attacks by exploiting the same vulnerability across multiple organizations.

Why healthcare continues to be targeted

Healthcare remains a top target because the economics favor attackers:

• 68-72% ransom payment rate (vs. ~40% in other sectors)
• Medical records sell for $250-$1,000 each
• Hospitals can lose $1M-$2M per day during disruptions

Faced with these pressures, many organizations make difficult decisions to restore operations quickly – reinforcing the cycle attackers rely on.

About the Report

The Securin Healthcare Threat Intelligence Report analyzed 592 attacks conducted by 94 ransomware groups between January 2025 and February 2026.

Read the full report: https://www.securin.io/healthcare-sector-cyber-threat-intelligence-report-q1-2026

About Securin

Securin is an AI-driven cybersecurity company that helps organizations identify, validate, and eliminate real-world cyber risk – before it becomes a breach. By combining AI with human expertise, Securin helps teams focus on the vulnerabilities that actually matter.