State needs to address ransomware attacks
A Pittsburgh Post-Gazette article in last Tuesday’s edition of the Williamsport Sun-Gazette details a troubling trend: Pennsylvania led the U.S. in data breach losses in 2020.
These cyberattacks have disrupted and in some cases fully disabled the functioning of health care systems, gas pipelines, colleges and government offices.
According to the report, in 2020, at least 116 victims paid more than $5 million in these online extortion ploys — and experts believe the numbers are likely inaccurate and miss many instances of ransomware attacks.
One reason cases of ransomware attacks in Pennsylvania are undercounted is because there is no law requiring instances be reported to any law enforcement agency. It’s a problem in many states besides Pennsylvania.
“Our notification system is broken,” James Lee of the Identity Theft Resource Center told the Post-Gazette. “There’s no question. It’s broken, it’s inefficient and it’s ineffective.”
“We don’t really have a sense of the scale of this problem, how often it’s happening, how many of these businesses are being hit,” Josephine Wolff, who teaches cybersecurity policy at Tufts University, told the Pittsburgh newspaper.
That must change. Our state lawmakers need to talk to experts in the field of cybersecurity and to the victims — the businesses and institutions affected by ransomware attacks — and begin crafting legislation that helps law enforcement and prosecutors under the scope and nature of the malice, and how they can investigate the perpetrators and bring them to justice.