Healthcare data is becoming one of the most valuable commodities in the global cybercrime ecosystem, according to new research from TrendAI. The study highlights how stolen patient records, ransomware attacks, and unauthorized access to healthcare systems are fueling a sophisticated underground market built around healthcare-related cybercrime.
The findings are based on a 12-month analysis of 7,779 underground forum posts, 21,813 marketplace listings, and 95 ransomware leak sites. Researchers found that ransomware-linked data sales accounted for 36.3% of marketplace activity, reflecting the growing use of data theft, encryption, and extortion by cybercriminals.
The report identifies healthcare information as one of the most sought-after forms of stolen data due to its long-term value and ability to support multiple forms of fraud. Beyond patient records, cybercriminals are also trading access to hospital networks, insurance information, and fraudulent medical documents.
A key trend highlighted in the research is the increasing focus on the suppliers rather than only hospitals and clinics. Vendors providing electronic health records (EHR) and electronic medical records (EMR) systems are becoming attractive targets because a single breach can expose hundreds of healthcare organizations that rely on the same platform.
This growing threat is particularly evident in Australia and New Zealand. In Australia, ransomware incidents targeting the organizations doubled during FY2024-25. In New Zealand, major hospital data breaches have led to government investments of NZ$450 million to strengthen cybersecurity across the public healthcare system.
Andrew Philp, Field CISO, ANZ, at TrendAI, said, “Patient data is a lucrative target for cybercriminals. Health data is permanent, deeply sensitive, and highly reusable, with a single breach creating long-term consequences for individuals, healthcare providers, and the wider health ecosystem. The 2024 MediSecure cybersecurity incident alone exposed private data from 12.9 million Australians.”
The report also reveals that cybercrime targeting healthcare has become increasingly specialized. Different criminal groups now handle system access, data theft, ransomware operations, extortion, and resale activities, creating a structured underground economy.
Stephen Hilt, Principal Threat Researcher at TrendAI, said, “Healthcare data has evolved from stolen information into a long-term criminal asset class.”
The study further warns that it breaches can create risks beyond the healthcare sector by exposing information linked to financial records, identity documents, and government systems. Combined with the operational disruption caused by ransomware attacks, healthcare organizations and their suppliers remain among the most attractive targets for cybercriminals.
Numaan Huq, Senior Threat Researcher at TrendAI, said, “What we’re seeing is not isolated cybercrime but a mature underground economy built around healthcare.”
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.