MONTREAL, May 19, 2026 (GLOBE NEWSWIRE) — Flare, the leader in Threat Exposure Management, today released a new report, The State of Healthcare Credential Exposure in 2026. The report found and analyzed more than 154,000 stealer logs containing medical, healthcare and/or hospital services access and found that nearly 74% of infected devices contained credentials for electronic health record (EHR) and electronic medical records (EMR) systems, exposing highly sensitive data, such as social security numbers, diagnoses, lab results, medications, and insurance information.
Healthcare organizations are facing a surge of credential-driven attacks, where a single compromised device can open the door to critical systems. Flare research shows a 33% year-over-year increase, underscoring cybercriminals’ growing focus on clinical systems and patient data. At the center of this trend is infostealer malware, which harvests credentials and session data and packages them into “stealer logs” sold across cybercrime forums. When those logs include healthcare access, the stakes escalate quickly, exposing patient records, medication systems, billing platforms, and even internal security tools.
“Healthcare credential exposure is not only increasing, but the type of access found in these logs makes each compromise particularly significant,” said Estelle Ruellan, threat intelligence researcher at Flare. “A single infected device could hand an attacker the keys to understand, map, and exploit an entire hospital’s infrastructure, which can have a catastrophic impact.”
According to the report, over the past two years, nearly 61,000 healthcare-related logs have surfaced on underground platforms, giving attackers direct access to systems that hold highly sensitive patient and operational data. These findings highlight the need for healthcare organizations to strengthen credential exposure monitoring and reduce time to detection.
Other key findings from the report include:
- In 2025, roughly 2,900 devices with healthcare access were compromised and shared on criminal marketplaces every month (over 34,800 annually).
- The United States is the most targeted country, accounting for 48% of healthcare-exposed logs.
- 900 logs contained access to medication dispensing and tracking platforms like Omnicell, BD Pyxis, ScriptPro, and Bluesight — which manage the physical dispensing of medications in hospital units, including controlled substances such as opioids and sedatives.
By prioritizing stealer log monitoring, healthcare organizations can enhance resilience and accelerate risk detection and mitigation.
View the full report on Flare’s website.
About Flare
Flare is the leader in Threat Exposure Management, helping global organizations detect high-risk exposures found on the clear and dark web. Combining the industry’s best cybercrime database with a ridiculously intuitive user experience, Flare enables customers to reclaim the information advantage and make cyber crime irrelevant. For more information, visit https://flare.io. To experience the platform firsthand, start a free trial at https://try.flare.io/free-trial/. Join our Discord community and explore Flare Academy to stay up-to-date on the latest in threat intelligence.
Media Contact
Geena Pickering
Look Left Marketing
flare@lookleftmarketing.com
A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/5fa4a730-391c-4e4a-8410-54457b30992c
