Maryland legislators propose crackdown on ransomware attacks

Lawmakers in Maryland are considering legislation that would make ransomware attacks a crime punishable with prison time, BankInfoSecurity reports.

The bill would make extortion via unauthorized software a criminal offense, for which violators could face up to 10 years imprisonment, as well as a $10,000 maximum fine.

The legislation reads "a person who has the intent to unlawfully extort money, property or anything of value from another may not knowingly create, place or introduce without authorization software into a computer, computer system or computer network if the software is designed to encrypt, lock or otherwise restrict access or use by authorized users of the computer/system/network."

Under the bill, a ransomware victim — including individuals and organizations — would be able to bring a civil action in court.

"It makes sense to make these attacks a crime; there's been a dramatic rise in these events on hospitals, utilities and others," bill autor Sen. Susan Lee, D-Montgomery, Md., told BankInfoSecurity. She added that a ransomware attack last year on Columbia, Md.-based MedStar Health "was pretty devastating. … These attacks can cause injury and cost lives."

California and Wyoming have enacted similar legislation, according to BankInfoSecurity.

More articles on cybersecurity:
More Americans cite cyberattacks as more of a global threat than ISIS, climate change
AMA to HHS: HIPAA changes aren't needed for care coordination — 9 notes
15M+ US patient records breached in 2018: 8 notes

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers