Mexico’s Health Sector Faces Rising Cyberattacks in 1H25

Mexico’s health sector faces an unprecedented digital threat,  making it a prime target for global cybercriminals. With 40.6 million cyberattack attempts recorded in the first half of 2025 across all industries, the country ranks as the second most-attacked in Latin America, putting critical infrastructure and sensitive patient data at risk.

"In an environment where critical infrastructures—such as hospital networks, power supply systems, telecommunications and medical data management platforms—are interconnected, and where medical services depend heavily on technology to operate, the risk of cyberattacks is no longer latent but growing," said Manuel Moreno, Cybersecurity Advisor. "A single incident can paralyze everything from hospitals to small and medium-sized enterprises in the health sector."

The scale of the threat is evident. Fortinet’s latest Global Threat Landscape Report places Mexico behind only Brazil in the region, with 40.6 million attempted attacks in 1H2025 place Mexico second only to Brazil in the region. Checkpoint's Quarterly Attack Report  also shows Mexico averaged 3,124 weekly attacks in Q3 2024—a 78% increase compared to the same period a year earlier.

Despite this exposure, preparedness remains low. “The gap is concerning: 68% of Mexican organizations see cybersecurity as a competitive advantage, but only 34% consider themselves prepared to face critical threats,” Moreno noted. This mismatch between awareness and readiness leaves the health sector particularly vulnerable, given the sensitivity of patient data and generally low defensive maturity.

Ransomware remains the primary attack method, encrypting critical information and demanding payment for its release. The fallout includes rescheduled surgeries, canceled treatments, and diverted ambulances, directly affecting patient care.

The sophistication of attacks has also grown. “AI has become a powerful tool in healthcare, but attackers now use it as well. In 2025, AI-driven cyberattacks have become a major concern,” Moreno explained. These tactics strain both small health providers with limited resources and large corporations with significant cybersecurity budgets.

Other threats include third-party breaches, data leaks, supply chain compromises, and the exploitation of zero-day vulnerabilities. The consequences are visible in daily hospital operations, from disrupted access to patient records to canceled procedures and delayed diagnoses.

The exposure or theft of personal health information also carries severe legal, reputational, and privacy risks. Administrative paralysis undermines scheduling, billing, and emergency response systems, further compounding the damage.

“These effects not only compromise service quality but also erode public trust in the health system, which is seen as unable to protect one of its most sensitive assets: patient information,” Moreno concluded.