New research by TrendAI reveals that stolen healthcare and patient data is bought, sold and shared within a well-established underground economy where ransomware groups, access brokers and fraudsters collaborate to profit from patient information. Over a 12‑month period TrendAI analyzed 7,779 forum posts, 21,813 marketplace listings and 95 leaked ransomware pages connected to cyberattacks targeting the healthcare sector.
The report finds that healthcare data remains especially attractive to cybercriminals because it is highly sensitive, long‑lived and valuable for multiple types of fraud. Sales of ransomware‑related data accounted for 36.3 percent of marketplace activity. The analysis also highlights a growing focus on electronic health record (EHR) vendors and other healthcare software providers, where a single breach can ripple across hundreds of healthcare organizations.
“Healthcare data has shifted from being just another piece of stolen information to a long‑term criminal asset,” says Martin Fribrock, Country Manager Sweden, Finland and Baltics at TrendAI. “Healthcare data is uniquely sensitive: unlike a credit card or password, diagnoses, treatment histories or biometric identifiers cannot simply be cancelled and replaced.”
TrendAI warns that attacks against the healthcare supply chain — including clinical software, EHR systems and medical platforms — are an increasing risk, enabling cybercriminals to scale attacks well beyond individual hospitals and clinics.
Read the report here.