Healthcare Data Dominates the Cybercrime Black Market

In a nutshell: Medical data is the leading commodity for cybercriminals because it remains permanently valuable and is monetized across specialized marketplaces through a division of labor.

According to a study by TrendAI (the cybersecurity division of Trend Micro), healthcare data ranks among the most valuable merchandise in underground forums and ransomware leak sites because it provides enduringly useful information for fraud, extortion, and identity theft.

The study analyzed thousands of entries across a twelve-month period in cybercrime underground forums, marketplaces, and ransomware leak sites. The key finding: medical data is among the most sought-after commodities in the digital underworld. The reason lies in its persistence – while stolen credit cards can be blocked and replaced, diagnoses, treatment records, and biometric data remain permanently valid and thus usable for criminal purposes over many years.

Ransomware groups are a major driver of this market: more than one-third of all recorded offerings were directly linked to ransomware attacks. These groups deliberately combine data theft and extortion to increase pressure on victims. Providers of electronic health records are particularly attractive targets, because compromising one of them simultaneously affects numerous downstream clinics, medical practices, and healthcare institutions. Beyond credentials, criminal platforms now trade complete identity packages, insurance information, and counterfeit medical documents.

The attacks follow a division-of-labor structure. Initial access brokers first gain access to healthcare institutions' networks and then sell that access to other criminals, including ransomware groups and fraudsters. This specialization significantly lowers the technical barriers to attacks. The stolen data is monetized multiple times: through insurance fraud, through counterfeit medical certificates and prescriptions, and through the takeover of patient and employee accounts.

An additional risk lies in the supply chain: cybercriminals are increasingly targeting software vendors and platform operators. Compromising them allows attackers to significantly expand their reach and strike numerous institutions simultaneously. This makes securing digital supply chains a critical factor for healthcare security.


Source: www.it-daily.net · Published 11 June 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.