Jump to content
  • State Legislatures Consider Bans on Ransomware Payments

    aum

    • 516 views
    • 3 minutes
     Share


    • 516 views
    • 3 minutes

    State Legislatures Consider Bans on Ransomware Payments

     

    As ransomware attacks continue to dominate the news cycle, legislation has recently been introduced in several states that would place limits on certain entities’ ability to pay a ransom payment in the event of a ransomware attack. Although the proposed limits would generally apply to state agencies and other local governmental authorities, certain state proposals may also apply to state agencies’ IT service providers, entities that receive public funds, and/or business entities more broadly. The following summary provides an overview of five pending bills in New York, North Carolina, Pennsylvania, and Texas.

     

    New York

     

    NY S 6806 would broadly prohibit business entities and healthcare entities, in addition to governmental entities within the state, from paying a ransom in the event of a ransomware attack. The proposed legislation would also create a new notification requirement for governmental entities, which would be required to report any cyber incidents, as defined in the law, and to report ransomware attacks to the New York State Division of Homeland Security and Emergency Services. “Business entity” is defined as any legal entity that conducts business in the state of New York, and “health care entity” is defined as any health care facility that is regulated by the New York Department of Health.

     

    Another pending proposal in New York, NY S 6154, would create a Cyber Security Enhancement Fund to be used for the purpose of upgrading cybersecurity in local governments throughout New York state, including but not limited to cities with a population of one million or less. The legislation would also prohibit the use of local and state taxpayer funds to pay ransoms in response to ransomware attacks, beginning on January 1, 2024.

     

    North Carolina

     

    NC H 813 would prohibit state agencies and local government entities from paying a ransom payment or otherwise communicating with an entity that has engaged in a ransomware incident. Local government entities would also be required to consult the state Department of Information Technology if they receive a ransom demand.

     

    Pennsylvania

     

    PA S 726 would prohibit the use of state and local taxpayer money or other public money to pay a ransom payment. The one exception to this ban would be if the governor of Pennsylvania has declared a disaster emergency and authorizes a state agency to pay a ransom payment in connection with the emergency. Notably, in addition to creating a new notification requirement for state agencies, the bill would also require IT managed service providers of state agencies to notify the relevant agencies within one hour of discovery of a ransomware incident.

     

    Texas

     

    In addition to enhancing broad cybersecurity and emergency preparedness measures for state agencies, TX 3892 would prohibit local government entities or “political subdivisions” from making ransom payments related to a ransomware attack. The law would also require political subdivisions to report ransomware attacks to both the attorney general and the Department of Information Resources.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...