HARRISBURG – The Senate Judiciary Committee passed significant reforms today as to how state government entities must address ransomware attacks, according to Sen. Kristin Phillips-Hill (R-York), who sponsored the measure.
“We continue to see ransomware attacks on governmental entities grow as technology used by criminals becomes more sophisticated,” Phillips-Hill said. “It is important that we use this legislation to draw a line in the sand to say taxpayers will not be paying the ransom request by entities seeking to illegally extort money from hard-working Pennsylvanians.”
Under the legislation, Senate Bill 563, the act of possessing, using, developing, selling or threatening to use ransomware is defined and made illegal in the Commonwealth. The measure would subject criminals who use ransomware to a range of penalties – from a first-degree misdemeanor to a first-degree felony – depending on the monetary amount exploited.
Phillips-Hill shared that the measure would require near-immediate notification of a ransomware attack within state government entities.
The Office of Administration (OA) would be required to produce an annual report detailing the number of ransomware attacks, along with the nature and impact of each attack. To mitigate vulnerabilities, OA would be required to study the state’s IT weaknesses and ability to respond to ransomware attacks. Following the review, OA would develop guidelines featuring best practices and response to potential future ransomware attacks.
The legislation will be presented to the full Senate for consideration.