Healthcare organizations had a 73.7 percent likelihood of paying a ransomware demand, and they are also the fourth most targeted sector by ransomware attacks (13 percent) globally, a new report said on Tuesday.

As ransomware attacks become more common, organizations are taking steps to mitigate the damage if they are hit, according to a global cyber risk management company Arete.

Some of the most effective controls include backups, multifactor authentication (MFA), and endpoint detection and response (EDR), which can all play a role in helping keep your organization safe.

“Healthcare organizations are often targets of ransomware because the presence of sensitive information, including PII and PHI, can increase the likelihood of ransom payment,” said Arete’s Chief Data Officer, Chris Martenson.

Buy Me A Coffee

“In today’s digital-first world, it is pivotal for healthcare organizations to build cybersecurity teams in-house or collaborate with a third-party security partner to implement effective mitigation tactics and controls,” he added.

Less than one in four healthcare organizations has MFA in place, while just over half report performing regular backups.

Moreover, the report said that just having an EDR platform is one of the more effective ways to decrease the payment likelihood in the healthcare sector.

Data encryption is the top technique used for impact in 100 percent of the ransomware cases that impacted the healthcare sector. The next most popular technique was ‘inhibiting system recovery’.

To mitigate the risk of data exfiltration, user training, and data backups are two key controls to consider, the report said.

FBI Recovers 7,000 LockBit Keys, Offers Lifeline to Ransomware Victims