There has been a 50 percent year-on-year increase in attacks targeting the healthcare and social assistance sector in the past 12 months.

According to Orange Cyberdefense’s Security Navigator 2025 report, this level of attack ranks the vertical as the fourth most impacted.

As UK hospitals are experiencing cyber-attacks, the report claims that subsectors such as ambulatory healthcare and hospitals are now being frequently targeted, which points to a further erosion of the ‘moral’ restraints that previously protected these sectors.

Speaking to SC UK,  Charl van der Walt, head of security research at Orange Cyberdefense, says in the past there was an “honorable thief ethos amongst these actors” who would stand for the greater good, pointing out the flaws and doing free penetration tests for big businesses.

Van der Walt cites a case from this year, where the National Health Labs in South Africa were compromised “which literally directly led to people dying.” In that instance, he says the attackers then called the press to let them know that the National Health Labs wasn't prepared to pay a ransom. 

Triple Extortion

A distinct change he has seen is where a victim is compromised by an attacker, they refuse to pay and their data gets leaked, “and then they get then they get extorted again by an entirely different brand, sometimes in very short order and sometimes months later, like I think the average is about six months later.”

He says he has seen some instances where the same victim has been extorted four different times. ”It's a very difficult thing to understand,” he says. “Between the impact on small businesses, the impact on healthcare and previously, if you like ‘protected industries’, and this re-victimisation, there's definitely a sense of a growing cynicism. It's uglier than it was before.”

Cyber Extortion

The Orange Cyberdefense report also reports a 53 percent year-on-year rise in incidents targeting small businesses, with SMBs now accounting for over two-thirds of all observed cyber extortion victims.

The concept of revictimization further amplifies the financial and psychological toll on these organisations. Asked if he felt that there was a move from spear phishing and snaring a large target to more random attacks, van der Walt says it is “not big game hunting, it's a harvest” and the sense is that the activities are undirected, and more opportunistic.

“So naturally you see more victims in the big economies and you see more small business victims because there are more small businesses. I think that's the fundamental driver.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.