In the worked healthcare ransomware scenario, why is the likelihood rated "very likely," and what factors drive that rating?
It is rated very likely because ransomware is highly effective against hospitals — contributing factors include that hospitals pay often, are heavily targeted, have staff poorly trained to spot phishing, and struggle to find "patient zero" and the root cause.
Hospitals make attractive ransomware targets: roughly half pay (because lives and uptime are at stake), making the crime profitable; they depend on systems being available, so disruption is acute; clinical staff are not primarily trained in security and click phishing lures; and after an incident it is hard to identify the first infected host (patient zero) or the root cause, which slows recovery. Together these push likelihood to "very likely." Tip: A high likelihood combined with healthcare's high breach cost (around USD 7.42M) is exactly the high-priority cell a roadmap should target first.