California State Senator Introduces Legislation to Stiffen Penalties for Hackers | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

California State Senator Introduces Legislation to Stiffen Penalties for Hackers

February 22, 2016
by Heather Landi
| Reprints
Click To View Gallery

In the wake of the recent ransomware attack at Hollywood Presbyterian Medical Center that crippled the hospital’s information systems for more than a week, California State Senator Bob Hertzberg has introduced legislation that makes ransomware attacks a crime equivalent to extortion.

According to a press release from Sen. Hertzberg’s office, the proposed bill, SB 1137, outlaws the practice of infecting any computer, system or network with ransomware and states that a person engaged in the activity could be convicted of a felony and be given a sentence of up to four years in prison.

“Nearly every day we read in the news about data breaches and online criminal activity,” Hertzberg said in a statement. “We must be clear that we will not tolerate this kind of conduct, and that using modern tactics to engage in age-old thuggery of ransom and extortion do not change the seriousness of the crime.”

As previously reported by Healthcare Informatics, Hollywood Presbyterian Medical Center announced last Thursday that it had paid the hackers 40 Bitcoins, or about $17,000, to regain control of its computer systems after a ransomware attack Feb. 5 affected the operation of the hospital’s enterprise-wide information system.

HPMC president and CEO Allen Stefanek said in a statement last week that hospital staff noticed issues accessing the hospital’s computer network on Feb. 5 and the hospital’s IT department began an immediate investigation and determined it had been subject to a malware attack.

“The malware locked access to certain computer systems and prevented us from sharing communications electronically. Law enforcement was immediately notified. Computer experts immediately began assisting us in determining the outside source of the issue and bringing our systems back online,” he stated.

Stefanek also said, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Stefanek also said the incident did not affect the delivery and quality of patient care. “Patient care has not been compromised in any way. Further, we have no evidence at this time that any patient or employee information was subject to unauthorized access,” he said.

However, for more than a week, hospital staff could not pull up electronic patient medical records and were registering patients on paper and communicating via fax lines.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Boston Children's Accelerates Data-Driven Approach to Clinical Research

In an effort to bring a more data-driven approach to clinical research, Boston Children’s Hospital has joined the TriNetX global health research network.

Paper Records, Films Most Common Type of Healthcare Data Breach, Study Finds

Despite the high level of hospital adoption of electronic health records and federal incentives to do so, paper and films were the most frequent location of breached data in hospitals, according to a recent study.

AHA Appoints Senior Advisor for Cybersecurity and Risk

The American Hospital Association (AHA) has announced that John Riggi has joined the association as senior advisor for cybersecurity and risk.

Report: Healthcare Accounted for 45% of All Ransomware Attacks in 2017

Healthcare fell victim to more ransomware attacks than any other industry in 2017, according to a new report from global cybersecurity insurance company Beazley.

Study: Use of EHRs Does Not Reduce Administrative Costs

A recent study by Duke University and Harvard Business School researchers found that costs for processing a single bill ranged from $20 for a primary care visit to $215 for an inpatient surgical procedure, or up to 25 percent of revenue.

Kibbe to Step Down as CEO of DirectTrust

David Kibbe, M.D., M.B.A., announced he would step down as president and CEO of DirectTrust at the end of the year.