State Rep. Donni Steele said lawmakers should create legislation that increases penalties and improve partnerships with local law enforcement to improve ransomware responses. The statement said the maximum penalty for hacking into a computer system in Michigan is up to five years in prison, while the penalty for possessing ransomware is up to three years in prison.
“It’s unacceptable that criminal gangs who maintain a stranglehold over health care services for our communities face only five years in prison if they’re caught,” said Steele in the statement. “These attacks disrupt medical treatment for people in need. No cancer patient or expecting mother should have to worry about cyber criminals when seeking care at a local hospital.”
The McLaren hospital system — which manages 13 hospitals across Michigan, including facilities in Bay City, Caro, Clarkston, Flint, Lansing, Pontiac and Port Huron — has not confirmed that the Aug. 6 attack was a ransomware attack, but has labeled it as a "criminal cyber attack." The attack disrupted its IT and telephone systems.
"Several information technology systems continue to operate in downtime procedures while we work to fully restore functionality to our system," the health care system said in a notice. "We have policies and procedures in place and train for information technology disruptions."
The company said on Wednesday that it is determining whether patient or employee health data was compromised.
A McLaren spokesman said there were no updates Friday on the attack and whether normal operations had resumed.
The McLaren attack comes just months after a separate incident against Ascension that caused widespread issues. Ascension Healthcare restored electronic health record access to some Michigan hospitals in June, more than a month after a cyber attack may have exposed patients' health information and information identifying them.
Hackers took files from seven of the Ascension system's roughly 25,000 servers used for daily and routine tasks, officials said. They believe some of the files contained health information and personally identifiable information.
The hackers gained access to Ascension's systems after an employee accidentally downloaded a malicious file, which the health system called an "honest mistake" in June.
“Lax punishments for ransomware attacks are opening the door for these criminals to target people and businesses in Michigan,” said Steele, an Orion Township Republican. “Clearly, this threat is not going away."
© 2024 The Detroit News. Distributed by Tribune Content Agency, LLC.
