Ransomware is a national security issue that affects all 16 critical infrastructure sectors, including the transportation and healthcare sectors.
Over the past year, ransomware attacks have made major headlines. In May 2021, Colonial Pipeline — which transports 100 million gallons per day of gasoline, diesel, and jet fuel — was shut down due to a ransomware attack. The company paid a ransom of $4.4 million. In June 2021, JBS — the largest meat production company in the world — was shut down due to a ransomware attack, and it paid a ransom of $11 million.
These are not isolated incidents. According to one source, the U.S. suffered 65,000 ransomware attacks in 2020 alone. The Department of Health and Human Services reports that in 2020, there were 80 ransomware incidents affecting 560 healthcare organizations, which caused ambulances to be rerouted, radiation treatments to be delayed, and loss of access to medical records. Similarly, an IBM report reveals that in 2020, the transportation industry was among the top 10 most cyberattacked industries.
In 2020, ransomware payments reached over $400 million. A leading cybersecurity company reports that in 2020, the average ransomware payment was over $300,000, and the highest ransomware payment was $30 million.
Recently, President Biden issued an Executive Order on Improving the Nation’s Cybersecurity and observed that “Protecting our Nation from malicious cyber actors requires the Federal Government to partner with the private sector. The private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.” President Biden also issued a memorandum about the need to improve cybersecurity for critical infrastructure control systems.
To address the ever-growing problem of ransomware and other forms of cyberattacks, Congress has introduced a spate of bills this year. Among them:
Other related bills also include the Cybersecurity Vulnerability Remediation Act, the CISA Cyber Exercise Act, the International Cybercrime Prevention Act of 2021, and the Pipeline Security Act.
Whether a variation of any of these bills ultimately passes into law remains to be seen. We will continue to monitor these bills. In the interim, we recommend that our clients be proactive with their cybersecurity efforts and encourage the following:
Before proceeding, please note: If you are not a current client of Lane Powell PC, please do not include any information in this email that you or someone else considers to be confidential or secret in nature. Prior to the establishment of a lawyer-client relationship, unsolicited emails from non-clients containing confidential or secret information cannot be protected from disclosure.