Skip to content Skip to navigation

California State Senator Introduces Legislation to Stiffen Penalties for Hackers

February 22, 2016
by Heather Landi
| Reprints
Click To View Gallery

In the wake of the recent ransomware attack at Hollywood Presbyterian Medical Center that crippled the hospital’s information systems for more than a week, California State Senator Bob Hertzberg has introduced legislation that makes ransomware attacks a crime equivalent to extortion.

According to a press release from Sen. Hertzberg’s office, the proposed bill, SB 1137, outlaws the practice of infecting any computer, system or network with ransomware and states that a person engaged in the activity could be convicted of a felony and be given a sentence of up to four years in prison.

“Nearly every day we read in the news about data breaches and online criminal activity,” Hertzberg said in a statement. “We must be clear that we will not tolerate this kind of conduct, and that using modern tactics to engage in age-old thuggery of ransom and extortion do not change the seriousness of the crime.”

As previously reported by Healthcare Informatics, Hollywood Presbyterian Medical Center announced last Thursday that it had paid the hackers 40 Bitcoins, or about $17,000, to regain control of its computer systems after a ransomware attack Feb. 5 affected the operation of the hospital’s enterprise-wide information system.

HPMC president and CEO Allen Stefanek said in a statement last week that hospital staff noticed issues accessing the hospital’s computer network on Feb. 5 and the hospital’s IT department began an immediate investigation and determined it had been subject to a malware attack.

“The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online,” he stated.

Stefanek also said, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Stefanek also said the incident did not affect the delivery and quality of patient care. “Patient care has not been compromised in any way. Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access,” he said.

However, for more than a week, hospital staff could not pull up electronic patient medical records and were registering patients on paper and communicating via fax lines.



CMS Hospital Compare Website Updated with VA Data

The Centers for Medicare & Medicaid Services (CMS) has announced the inclusion of Veterans Administration (VA) hospital performance data as part of the federal agency’s Hospital Compare website.

CMS Awards Funding to Special Innovation Projects

The Centers for Medicare & Medicaid Services (CMS) has awarded 20, two-year Special Innovation Projects (SIPs) aimed at local efforts to deliver better care at lower cost.

Center of Excellence in Genomic Science to be Established in Chicago

The National Human Genome Research Institute has awarded $10.6 million over five years for the establishment of a new research center in Chicago to advance genomic science.

EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.