Ransomware attacks: To pay, or not to pay?

During a keynote panel at HIMSS21, security experts debated whether healthcare organizations should pay ransom to cybercriminals in the event of a ransomware attack. The experts had different opinions, with one arguing that healthcare should pay due to the criticality of continuity in saving lives, while another argued that ransom payments should be illegal in most cases. Negotiation was suggested as a strategy to reduce ransom amounts, and the importance of preparation and partnerships was emphasized. The issue of lacking skills and capabilities in dealing with ransomware was also highlighted.