Z-CERT uses the counter to track ransomware incidents that have occurred in the European healthcare sector. These are ransomware incidents at healthcare organisations, not at their suppliers or partners. An incident is counted as a ransomware incident when one or more files have been encrypted by an actor who was not authorised to perform this action. In general, the actor is seeking financial gain, and the victim must pay a sum of money to obtain a digital key that can be used to reverse the encryption.