Cyber attacks against Michigan hospitals prompt calls for legislative remedies

Bill Hinton | Getty Images)

McLaren and Ascension hospitals in Michigan have been victims of cyber attacks in recent weeks and elected officials in Michigan are calling attention to vulnerabilities for patients and consumers in the state to protect against attacks.

McLaren confirmed last week that on Aug. 6 that the hospital system had been the victim of a criminal cyber attack that disrupted its IT function and phone systems, causing strains to hospital functions and appointments being rescheduled.

McLaren hasn’t confirmed yet if any patient or employee data has been stolen.

“To the communities we are honored to serve, we deeply and sincerely apologize for any inconvenience the attack by these malicious threat actors has caused,” a statement from McLaren on Aug. 7 reads . “We truly appreciate the understanding of our patients, their families and loved ones, and the visitors to our facilities.”

The recent attack against McLaren serves as a warning that even the most private of personal information is under threat against illegal activity, Michigan Attorney General Dana Nessel said in a news release on Friday . She encouraged Michiganders to remain vigilant of warning signs that their information is in jeopardy, but she also took a moment to point at Michigan’s lack of notifications to residents about data breaches.

“Unfortunately, at this time information is scarce as to what information may have been exposed,” Nessel said in the news release. “While more than 30 other states have laws requiring State notification of significant breaches, Michigan is not among them, and consumer protection agencies like ours often only learn of these attacks by media reporting.”

Last August, McClaren experienced another cyber attack, in which Nessel’s office confirmed the cybercriminal gang ALPHV (or BlackCat) stole the personal health information of 2.5 million McLaren patients as part of a ransomware attack where the group threatened to leak the information of the dark web unless they were paid.

Criminal penalties for ransomware attacks should be higher, State Rep. Donni Steele (R-Orion Township) said in a statement Friday, calling for legislative action.

Currently, the possession of ransomware with intention to utilize it in Michigan is a felony , carrying up to 3 years in prison and Steele argues that the penalties should be increased.

“Lax punishments for ransomware attacks are opening the door for these criminals to target people and businesses in Michigan,” Steele said in a statement. “These attacks disrupt medical treatment for people in need. No cancer patient or expecting mother should have to worry about cyber criminals when seeking care at a local hospital.”

On May 8, Ascension hospitals across several states had operations impacted due to a ransomware attack , which impacted patients in Michigan .

Steele said in her statement that these attacks aren’t going away and lawmakers can’t stand by and watch Michiganders suffer.

“We must take a [holistic] approach and ensure the state and federal government is partnering with local law enforcement to combat these threats,” Steele said. “We need to guarantee police have whatever resources they need to protect our health care system.”

SUBSCRIBE: GET THE MORNING HEADLINES DELIVERED TO YOUR INBOX