The India Cyber Threat Report 2026 by Seqrite, the enterprise security arm of Quick Heal Technologies, states that the healthcare and pharmaceuticals sector in India has emerged as one of the most targeted sectors for cyberattacks.
The report, prepared by researchers at Seqrite Labs, is based on telemetry data from more than 8 million endpoints. It states that education, healthcare and manufacturing accounted for nearly 47 per cent of all detections between October 2024 and September 2025. The healthcare and pharmaceuticals sector recorded 3.79 million detections, accounting for a 14.24 per cent share.
The report notes that Trojans and file infectors formed nearly 70 per cent of all attacks. Seqrite telemetry linked remote access Trojans and loader-based malware to attempts to access pharmaceutical research and development data and clinical trial information.
Ransomware accounted for less than one per cent of detections but had operational impact. Ransomware detections exceeded 0.81 million, with a peak in January 2025 that recorded 185 incidents and 113,000 detections. The report states that these attacks used phishing, cracked software, exposed remote desktop services and supply chain vectors to gain access to systems, including hospital information systems.
The report highlights that patient data differs from payment data, as it cannot be reissued after a breach. Medical histories, diagnostic reports, prescription records, insurance data and personal information remain exposed once accessed. The report states that such data is used in fraud, blackmail and profiling. It also notes that system compromise can affect diagnosis, treatment and research data.
The Digital Personal Data Protection Act 2023 defines obligations for healthcare institutions handling patient data. Hospitals, clinics, diagnostic chains, insurers and health technology platforms are required to ensure lawful processing, consent, purpose limitation and data safeguards across digital records, including admission data, lab reports, teleconsultation records and application data.
In this context, Seqrite states that its enterprise security products and services are aligned with the provisions of the DPDP Act, supporting healthcare organisations in managing cybersecurity and data protection requirements.