Ransomware attacks in Maryland could soon attract fines of up to $100,000 and 10 years in prison.
Maryland Senate bill 151, cross-filed with House bill 211, indents to define ransomware attacks that result in losses greater than $1000 as felony, and would be punishable by fines of up to $100,000 and a prison sentence of 10 years. Under current laws only those breaches that result in a loss greater than $10,000 are considered a felony, if lesser, they are considered as a misdemeanor.
Prompted by ransomware attacks on Maryland Hospitals over the past few years and the ransomware attack on the Salisbury Police, which happened in January this year, this law intends to enforce stiffer penalties for those convicted of ransomware crimes. The bill also intends to introduce a new crime, which would prohibit violators from even possessing a ransomware, with an exception for researchers.
Ransomware, the most common type of malware today, accounts for 85 percent of all malware targeting the health care sector.
–Health Care Data Breaches: 2017 Findings, Maryland Health Care Commission
Ransomware attacks allow actors with malicious intent to seize control of computers and deny access to critical information systems until users pay the ransom.
Attacks on hospitals and healthcare centers can have really serious consequences. A research paper by the Vanderbilt University estimated that more than 2000 deaths per year could be attributed to ransomware attacks on hospitals.
Maryland breaches in 2018
Maryland breaches in 2017
Read more in this post on Delmarva Now: https://www.delmarvanow.com/story/news/local/maryland/2019/02/15/ransomware-attacks-would-become-felony-maryland-bill/2869037002/
Suggested reading: The Essential Eight – Strategies to Mitigate Cyber Threats