Ransomware groups target vendors to get into hospitals | HIMSS 2026

Las Vegas - Ransomware groups have targeted hospitals for years, and they are expanding their targets even as they refine their tactics.

While criminals are certainly trying to get into hospitals, they are also more and more apt to go after the vendors that health systems rely on for so many business functions, says Russell Teague, chief strategist and security officer of Fortified Health Security, a cybersecurity firm.

“The third-party landscape is one of the fastest growing and largest attack surfaces that any hospital has to deal with,” Teague tells Chief Healthcare Executive®.

In an interview at the HIMSS Global Health Conference & Exhibition, Teague says health systems are continuing to form partnerships with companies to help expand their capabilities, streamline operations or reduce work for their staff.

But they also offer more potential targets for attacks.

“When technology innovation continues to move forward, but cyber innovation doesn't move forward with it, it becomes a benefit for the organization, but it becomes a risk to the organization in terms of its overall resiliency,” Teague says.

Hospitals are increasingly aware of the risks of breaches involving their partners, he says.

Health systems rely on literally hundreds of vendors for many of their operations, and hackers have learned that targeting third-party partners is an effective way to get into hospitals.

“We're seeing a significant uptick of organizations focusing and doubling down in that area,” Teague says.

Read more: Cybersecurity in health care improves, but still needs more attention

Cybercriminals are increasingly looking at smaller hospitals and health systems as well, as they perceive them to be easier targets.

Large hospital systems have more formidable defenses from attacks, but small hospitals and health systems don’t have the same resources to invest in cybersecurity.

Teague says he understands the dilemma for smaller hospitals with modest budgets.

As he says, “If I'm a CFO or a CEO, fighting the good fight to try to keep the doors open and deliver to my community, am I going to spend that money on my nurses and physicians, or am I going to spend it on cyber?”

Just as health systems are using AI to streamline operations, ransomware gangs are utilizing AI tools to probe the security of hospitals, he says.

Attackers are using AI to search for legacy technologies or unsupported operating systems that are still sitting connected to health systems.

“We are seeing a strong shift in the threat actors through AI automation to go after the old school vulnerabilities,” Teague says. “Because now we have automated technology that's going out and scanning every single system that's publicly facing, looking for known vulnerabilities, and then highlighting them.”

At the same time, criminals are using the tried-and-true tactics of sending emails in the hopes that someone will click on something they shouldn’t.

For attackers who don’t speak English as their primary language, AI tools provide better translations that aren’t as clunky, or rife with typos.

“Traditional security training and awareness at the end user level is still an essential protection mechanism,” he says.

The healthcare industry continues to be the leading target for ransomware organizations, largely because hospitals possess a wealth of financial data on patients and information about their health conditions as well. Analysts say that information can be sold on the dark web.

Some attackers are opting less to steal data but are simply looking to disrupt hospital systems, in hopes of getting a ransom payment when those systems are restored. In many cases, hospitals are paying the ransom, which Teague says exacerbates the problems. Criminals know hospitals are willing to pay.

Teague says there will be fewer ransomware attacks “when health care raises the bar high enough to make it painful for them or it's less successful.”

Other industries, including banking and finance, have seen greater regulatory and legislative guidelines, and those sectors have seen fewer attacks.

Teague points to the White House’s introduction of new pillars in cybersecurity this month as a potentially beneficial step.

But he also suggests hospitals and health systems need to look at ways to bolster their systems now.

“Don't wait for the regulators or the legislation to come out,” Teague says. “Think about where your program is and how you want to evolve that program and make the commitments.”