SonicWall has released its 2026 Healthcare Protect Brief, revealing that the healthcare sector continues to face the highest level of cyber threats despite an overall decline in attacks across most industries. Based on data collected from more than one million security sensors worldwide, the report shows that healthcare remains the most consistently targeted vertical.
According to the study, cyberattacks on healthcare declined by just 17% year-on-year, the smallest reduction among all sectors analysed. The report also recorded 13.3 million attempts to exploit remote desktop services, 243 unique attack signatures targeting connected medical devices and activity from ten ransomware groups—the highest among any industry. Legacy vulnerabilities such as Log4j also continued to generate millions of attack attempts.
Commenting on the findings, Michael Crean, Senior Vice President of Managed Services at SonicWall, said healthcare organisations remain attractive targets because operational disruptions directly affect patient care, increasing pressure on institutions to restore services quickly. He added that adopting Zero Trust security has become essential to strengthening cyber resilience.
The report identifies three major areas of concern: internet-exposed remote access systems, growing reliance on connected medical devices and the continued threat of ransomware. Together, these factors have expanded the attack surface for hospitals and healthcare providers.
To address these challenges, SonicWall recommends a Zero Trust security approach that verifies every user and device before granting application-level access. The company also highlighted how its partner Fornida successfully implemented this model across multiple ExaltHealth rehabilitation hospitals, creating a standardised security framework for new healthcare facilities.
The 2026 Healthcare Protect Brief is the first publication in SonicWall’s Vertical Series and complements the company’s 2026 Cyber Protect Report.

