The healthcare sector was the only sector that did not see a decline in ransomware attacks last month, according to new findings.
Software company Comparitech found that internationally the health sector saw an almost 10% increase in attacks from March to April, up from 41 to 45.
During the first four months of 2026 Comparitech recorded 165 attacks on the healthcare sector, a 10% increase from the 150 recorded during the same period of 2025.
This is despite overall disruption in April falling to 628 attacks – the lowest level in six months – with 43 of these ransomware attacks confirmed by the organisations involved.
Comparitech said that the US saw the most attacks at 260, followed by Canada at 32, and then the United Kingdom at 30.
Rebecca Moody, head of data research at Comparitech said: ‘What the report also highlights is the ongoing focus on healthcare companies – both those providing direct care and those operating within the sector (e.g. medical billing providers).
‘Some significant attacks were reported last month (namely Signature Healthcare and ChipSoft), which only served to remind us how extensive the impact these attacks can have on all types of healthcare companies.’
The attacks on US healthcare provider Signature Healthcare forced the hospital to resort to downtime procedures, divert ambulances and cancel chemotherapy appointments.
The NHS and other UK healthcare sector organisations have previously been the targets of cyber attacks.
Synnovis, a pathology laboratory which processes blood tests on behalf of several NHS organisations, was the victim of a ransomware cyber-attack in June 2024, which disrupted its services across the UK and significantly reduced its capacity to process tests.
A blog post on the National Cyber Security Centre’s (NCSC) website last month said incidents like the attack on Synnovis ‘show that cyber resilience is linked to patient safety and why the health sector is a priority for the NCSC.’
It added: ‘Building on the national and local preparedness and resilience work undertaken by the NHS over the last decade, collaboration between organisations working across the health sector has deepened over the past 18 months.
‘By working together, we are reducing cyber risk, improving detection, and helping to keep vital services running.’
The Comparitech report also found that, within the business sector, attacks declined across all industries apart from healthcare.
It said attacks on businesses operating within the healthcare sector, including pharmaceutical and medical device manufacturers and technology companies remained at a consistent level, with 31 attacks recorded in both March and April 2026.
The findings come at a time when the NHS is working towards achieving the government’s key ambition to shift from analogue to digital, as set out in the 10-Year Health Plan.
Health experts have highlighted the need to prepare the healthcare workforce for the digital shift, and for the upcoming workforce plan to look realistically at the growth in digital and changes in technology.
And a senior NHS official warned in March that the plan cannot be achieved without cyber security.
A Department of Health and Social Care (DHSC) spokesperson said: ‘National security is one of the key foundations of this government and we are reinforcing cyber resilience across health and social care to protect patients and staff.
‘Like all large organisations, those in the NHS face a significant cyber threat, with ransomware among the most significant. NHS England’s cyber security specialists monitor for threats and defend the NHS from cyber-attacks 24 hours a day.’
It added: ‘Through our ambitious Cyber Improvement Programme, we are tackling the changing cyber risk head-on, expanding protection and services to better protect the health and care system.’
The DHSC also confirmed that it requires any organisation that holds or processes health and care data to complete a Data Security and Protection Toolkit (DSPT).
