Healthcare organizations affected by ransomware attacks often end up paying about 50% of the time, despite the initial reluctance to give in to extortion demands, as shared by attorney Lynn Sessions of BakerHostetler in an interview with Information Security Media Group. The pressures of maintaining patient care 24/7 contribute to their vulnerability, with attacks often involving double-extortion tactics. These attacks not only encrypt data but also involve data exfiltration, putting additional pressure on organizations to pay for decryption keys to quickly restore their operations
However, paying ransom does not exempt entities from fulfilling breach reporting obligations, such as under HIPAA regulations, and affected individuals may still take legal action despite the ransom payment, emphasizing the critical need for robust cybersecurity preparedness and incident response strategies in the healthcare sector. ```https://www.bankinfosecurity.com/interviews/many-healthcare-sector-entities-end-up-paying-ransoms-i-5382