Senate committee advances Phillips-Hill’s measure addressing ransomware attacks


HARRISBURG – The Senate Judiciary Committee approved legislation that addresses ransomware attacks against state government, county governments, municipalities, as well as school districts, and state-owned and state-related universities, according to the bill’s sponsor, Senator Kristin Phillips-Hill (R-York).

“We have seen ransomware attacks target both public and private sectors,” Phillips-Hill said. “This evolving enemy can wreak havoc on our way of life as evidenced when a pipeline responsible for half of the oil on the East Coast was subject to a ransomware attack. This legislation ensures the state, local governments and schools remain vigilant against this very real threat.”

Senate Bill 726 would impose significant penalties on any individual who possesses, uses, sells, transfers, develops or threatens the use of ransomware.

Under the measure, an individual found guilty of a ransomware offense would be subject to a range of penalties – first-degree misdemeanor to a first-degree felony – depending on the monetary amount exploited.

The bill also strengthens ransomware alerting within state agencies, the judicial branch, the Legislature, local governments, school districts, publicly funded colleges and universities, by requiring notification within one to two hours of first discovery of a ransomware attack.

Phillips-Hill also stressed the necessity that as ransomware evolves, state government needs to incorporate best practices to mitigate any outside threats. “By requiring the Office of Administration to study all aspects of susceptibility of ransomware attacks, as well as look at vulnerabilities and implement best practices and tools to monitor any threats, we will ensure Commonwealth assets are safeguarded from these ongoing attack attempts,” she said.

Her measure would also prohibit state agencies and local governments from using taxpayer dollars to pay ransom demands.

Each year, lawmakers would receive a report from the Office of Administration on updated policies and procedures regarding ransomware, as well as the number of attacks against state agencies and the impact of those attacks.

“We need to work together – the Legislature and administration – to ensure our state government’s ever-increasing online assets are safeguarded,” Phillips-Hill said.

The legislation now advances to the full Senate for its consideration.

Senator Kristin Phillips-Hill (R-York) speaks during a Senate Judiciary Committee meeting about her legislation that would address ransomware attacks in Pennsylvania.