Public services such as hospitals and local governments continue to face growing cybersecurity threats, largely due to the sensitive data they hold and limited defenses, according to the latest Microsoft Digital Defense Report.
Microsoft found that more than half of cyberattacks with known motives were because of extortion or ransomware. These attacks often target sectors that cannot afford long service disruptions, such as healthcare and local government offices. Many of these institutions also rely on outdated software or lack sufficient incident response capabilities, making them easier targets for attackers.
“Malicious actors remain focused on attacking critical public services, targets that, when compromised, can have a direct and immediate impact on people’s lives,” said Amy Hogan-Burney, corporate vice president, Customer Security & Trust at Microsoft.
She added that cyberattacks on hospitals, schools, and government agencies have had real-world consequences, including delayed emergency care, disrupted public services, canceled classes, and transportation delays.
Ransomware remains one of the most damaging threats. Attackers often encrypt critical systems and demand payment to restore access. Hospitals, for example, may have no choice but to pay the ransom to restore life-saving systems quickly. Stolen data from governments, hospitals, and research institutions is often sold on dark web marketplaces, driving more criminal activity.
“Government and industry can collaborate to strengthen cybersecurity in these sectors, particularly for the most vulnerable,” Hogan-Burney said. “These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response.”
In 80% of the cyber incidents investigated by Microsoft’s security teams last year, attackers attempted to steal data. Financial gain motivated 52% of those attacks, while others were linked to intelligence gathering.
The report noted that cybercriminals are increasingly using automation and readily available hacking tools to carry out attacks, even without advanced technical skills. Artificial intelligence (AI) has made this trend worse by allowing criminals to create more realistic phishing messages, generate fake content, and speed up malware development.
“As a result, opportunistic malicious actors now target everyone, big or small, making cybercrime a universal, ever-present threat that spills into our daily lives,” said Hogan-Burney.
The report urged organizations to treat cybersecurity as a strategic business priority, not just an IT task. It also emphasized the need for modern security systems that use AI and cross-sector collaboration to keep up with evolving threats.
Simple protective measures can also make a major difference. According to Microsoft, phishing-resistant multifactor authentication (MFA) can block over 99% of identity-based attacks.
The report found that more than 97% of identity attacks are password-related, and such incidents grew by 32% in the first half of 2025. Attackers often use stolen usernames and passwords from data breaches for large-scale password guessing attempts.
Microsoft also warned of a rise in “infostealer” malware, which secretly collects user credentials and session data. These stolen credentials are then sold on cybercrime forums, allowing attackers to infiltrate accounts and deliver ransomware more easily.