As the threat of ransomware grows more and more public, particularly in the healthcare industry, lawmakers are starting to take notice.
In California, for instance, SB 1137--in which hackers using ransomware could be punished in a similar manner as those who are prosecuted for extortion--passed through a state senate public safety committee Tuesday, Reuters reports. The bill was introduced in February.
On April 8, meanwhile, Sen. Barbara Boxer (D-Calif.) sent a letter to FBI Director James Conway sharing concerns about the recent string of cyberattacks. Boxer is particularly worried that if hospitals pay the requested ransoms to regain access to their IT systems, hackers will become more incentivized to target the healthcare industry.
"Please provide information regarding the FBI's efforts to investigate these crimes and indicate what steps you believe hospitals and other businesses can take to protect themselves both prior to and following a ransomware attack," she says.
Los Angeles-based Hollywood Presbyterian Medical Center, which Boxer mentioned in her letter, in February paid a $17,000 (40 bitcoin) ransom to hackers who disabled its IT systems with ransomware. Allen Stefanek, the hospital's CEO, said the decision was "the quickest and most efficient way to restore ... systems and administrative functions."
An attack late last month on MedStar Health, which operates 10 hospitals in Maryland and the District of Columbia, also was alluded to by Boxer. Although various reports say that ransomware was responsible for that incident, MedStar has not confirmed the nature of its attack.
Prior to the MedStar attack, Rep. Ted Lieu (D-Calif.) said he may propose a bill that would require providers to inform their patients when a ransomware attack has occurred.
To learn more:
- read the Reuters article
- here's the state bill
- check out Boxer's letter