In the wake of a series of cyberattacks targeting Michigan hospitals, State Rep. Donni Steele is pushing for tougher penalties against those who perpetrate such digital crimes. Last week, the McLaren Health Care system suffered an IT and phone system disruption due to an attack, prompting the legislator's call to action. As McLaren continues to investigate the extent of the damage, with assistance from cybersecurity professionals, all radiation therapy units at Karmanos Cancer Institute have resumed operations, alongside other departments including emergency and primary care services, as per a statement provided by McLaren.
The current Michigan laws dictate a maximum of five years in prison for individuals who hack into computer systems and up to three years for those possessing ransomware. Steele, as reported by CBS News Detroit, considers these penalties insufficient given the potentially widespread repercussions of cyberattacks on the healthcare sector. An updated statement from McLaren expressed gratitude for the patience and efforts of their staff during the incident and acknowledged the possible impact this cyberattack may have had on their patients.
Looking forward, Steele is working to introduce legislation that would not only impose harsher penalties but also strengthen support and resources for local law enforcement tackling these incidents. This proactive stance echoes a dire warning by authorities that these kinds of technology-based assaults are inevitable. In 2023 alone, over 460 ransomware attacks were launched against U.S. hospitals, according to the US Department of Health and Human Services, as cited by CBS News Detroit.
Amid calls for heightened security measures, Michigan Attorney General Dana Nessel has emphasized the state's vulnerability due to its lack of data breach notification laws. Nessel highlighted that while more than 30 states require notification of significant breaches, Michigan is not among them, which often results in delayed awareness of such attacks among consumer protection agencies, according to Michigan Advance. Steele's imperative of enacting stronger legislation is propelled by a history of attacks on the state's healthcare systems, including an attack last August on McLaren and a separate ransomware incident that affected Ascension hospitals last May. These incidents demonstrate the problems are persistent threats that leave personal health information vulnerable. Ascension managed to restore electronic health record access in Michigan hospitals several weeks after the attack, highlighting the breadth of disruption such incidents can cause, as relayed by GovTech.
.jpg){kind=link}