Jessica Entwistle
July 13 2026
Dark Reading reported on 10 July 2026 that cyberattacks against healthcare businesses, particularly service providers, more than doubled in the first half of 2026 compared to the same period in 2025. While attacks against hospitals and clinics grew modestly, the sharp increase in attacks targeting healthcare service providers, including billing companies, IT managed service providers, medical device suppliers and health insurance administrators, represents a significant shift in attacker focus. These organisations often hold large volumes of patient data and provide critical services to multiple healthcare providers, making them high-value targets for ransomware groups and data extortion operations.
For UK organisations in the healthcare sector or providing services to the NHS, private healthcare providers or social care organisations, this trend is operationally significant because it reflects a deliberate targeting strategy. Attackers understand that compromising a single service provider can create cascading impact across multiple healthcare organisations, disrupt patient care and generate significant pressure to pay ransoms. The healthcare supply chain in the UK is complex, involving pathology services, imaging providers, electronic patient record systems, payroll and HR providers, and numerous other third parties. Many of these organisations may have less mature security programmes than the hospitals and trusts they serve, yet they hold equally sensitive data and provide equally critical services. The increase in attacks also reflects the operational reality that healthcare service providers often have access to multiple customer environments, making them attractive targets for attackers seeking to maximise the impact of a single compromise.
Healthcare organisations and their service providers should review third-party risk management processes, ensure that contracts clearly define security responsibilities, and consider whether incident response plans account for supply chain compromise scenarios. For service providers, it is worth reviewing whether security controls are proportionate to the sensitivity of the data held and the operational criticality of the services provided. Consider whether there is adequate network segmentation between customer environments, whether access controls limit the impact of a compromise, and whether monitoring is in place to detect unusual activity. Healthcare organisations should also review whether they have visibility into the security posture of their critical service providers, and whether there is a process for responding quickly if a provider is compromised. Ensure that responsibility for third-party risk management is clearly assigned and that security requirements are built into procurement and contract management processes from the outset.
Source: Dark Reading