The Health Insurance Portability and Accountability Act (HIPAA) Journal has reported a significant surge in ransomware attacks into 2025, with a sharp increase in victims added to data leak sites. In February alone, 599 new victims were recorded, marking a 149% rise in U.S. victims compared to the same period last year. Experts suggest ransomware groups target North America due to the higher likelihood of ransom payments, despite an overall decline in ransom payouts.
The report also highlights significant shifts within ransomware groups: LockBit, once the most prolific, has struggled following a law enforcement takedown, while new leaders like Cl0p, Akira, and Lynx have emerged. RansomHub, which gained prominence in 2024, has now dropped to 5th place with only 23 attacks in 2025.
Healthcare remains a major target alongside construction and professional services. As ransomware activity continues to rise, businesses—especially those in vulnerable sectors—must prioritize strengthening their cybersecurity fundamentals to defend against these growing threats. Organizations are also encouraged to adopt the HPH Cybersecurity Performance Goals and review CISA advisories to stay informed about emerging tactics and improve their defenses against ransomware and other cyber threats. For more information, refer to the HIPAA article.