Cyberattacks against mobile devices climb 224% in healthcare

Mobile devices are critical to business operations across critical infrastructure sectors, including healthcare. However, threat actors are increasingly targeting these devices with cyberattacks. A new report from Zscaler revealed a 224% increase in cyberattacks targeting mobile devices in healthcare compared to last year.

The report analyzed more than 20 million threat-related mobile transactions across several critical infrastructure sectors based on data collected from the Zscaler cloud between June 2024 and May 2025. In addition to mobile, the report focused on internet of things (IoT) and operational technology (OT) cyberthreat trends.

"Mobile, IoT, and OT systems have become the backbone of business operations today, enabling innovation and powering critical infrastructure across industries," the report stated. "Mobile devices now dominate global connectivity, while IoT and OT systems keep manufacturing, healthcare, transportation, and smart cities running."

As the healthcare ecosystem becomes increasingly interconnected, threat actors are "taking advantage of this expanding web of connectivity," the report noted.

This trend is exemplified by the marked increase in attack volume in healthcare, as well as notable increases in the energy, manufacturing and oil and gas sectors.

Across all sectors, Android malware transactions increased by 67% year-over-year, and 239 malicious Android applications were collectively downloaded 42 million times on the Google Play store, demonstrating how hackers successfully infect endpoints.

"This significant escalation underscores the growing threat to critical infrastructure and the increasing exploitation of vulnerabilities within these essential industries," the report noted.

"The interconnectedness of these sectors, coupled with their vital role in daily life and national security, makes them prime targets for sophisticated cyber campaigns designed to maximize impact and financial gain."

The report highlighted the widespread adoption of hybrid and remote work, as well as the increased use of bring-your-own-device policies, as contributing factors to the growth of mobile device entry points.

Considering these trends, Zscaler researchers predicted that mobile applications will increasingly be supply chain attack vectors in 2026, and that continuous analysis of all app permissions will become a security standard.

Additionally, the report authors predicted that AI-driven exploits will continue to drive the threat landscape in 2026. What's more, industries that rely heavily on IoT/OT environments, like healthcare, will remain top targets for ransomware campaigns, Zscaler predicted.

The data highlighted the importance of a robust mobile device security strategy in healthcare and other critical infrastructure sectors.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.