FBI IC3: Healthcare sector leads in ransomware attacks

The FBI's Internet Crime Complaint Center, or IC3, tracked 278 healthcare ransomware attacks in 2025, making it the most targeted critical infrastructure sector. In addition to the ransomware complaints, the IC3 tracked 182 healthcare data breaches, according to its annual internet crime report. 

The IC3 has been the FBI's primary link to the public for reporting cybercrime since 2000 -- it now receives an average of 3,000 complaints per day and uses its findings to publish public awareness campaigns and industry alerts for the private sector. 

The IC3 received a record-breaking 1 million complaints in 2025, up from 859,000 last year. Losses from cybercrime also set records, reaching $20.9 billion in 2025, signifying a 26% increase from 2024. 

Phishing, extortion and investment cybercrimes were the top complaint categories, with investment, business email compromise and tech support attributing to the highest losses. 

The report shed light on how cybercriminals have targeted individuals through carefully engineered scams. However, as in years past, businesses and critical infrastructure sectors, such as healthcare, were hit just as hard by cybercrime.  

"Every year, our adversaries become savvier and increasingly callous – attacking power grids, shutting down hospitals, and stoking geopolitical tensions," the report stated.  

"State-sponsored cyber actors wield every element of their national power to target the United States and its critical infrastructure. Skilled cybercriminals exploit new and longstanding vulnerabilities to steal our money and hold our data for ransom." 

Of the cyberthreats reported to the IC3 in 2025, 36% were ransomware incidents, and 39% were data breaches. The IC3 identified 63 new ransomware variants, averaging 5.25 per month. Akira, Qilin, BianLian and Ransomhub were among the top ten variants, which reportedly hit critical manufacturing, healthcare and government facilities hardest. 

Healthcare was the most targeted industry according to IC3 complaint data, followed by critical manufacturing and financial services. 

As complaint volume climbs, the IC3 has also observed a troubling uptick in AI-enabled cybercrime.  

"AI technology enables the creation of convincing synthetic content, such as social media profiles and personalized conversations, often in mass quantities," the report stated. 

"People have manipulated video and audio similarly for decades, but the widespread availability of this developing technology makes it possible to create high-quality content. AI-enabled synthetic content is becoming increasingly difficult to detect and easier to make, which allows criminal actors to potentially conduct successful fraud schemes against individuals, businesses, and financial institutions." 

While not specifically mentioned in this report, AI-powered cyberthreats have undoubtedly challenged healthcare cyber resilience. A recent Armis report suggested that most healthcare organizations lack the budget to scale resources and effectively keep pace with AI-powered cyberattacks. 

As cybercrime continues to escalate, critical infrastructure organizations must bolster their defenses and prepare for higher attack frequency. 

Jill Hughes has covered health tech news since 2021.