I agree . Make it too frightening to even consider the crime
I worked in health care and just retired a few weeks ago after 39 years, and it is a fact that healthcare is specifically targeted by ransomware pirates and people who write malicious code that when it isn't simply to extort money, is emotionally for them the simple equivalent of spraypainting a car and then overturning it and setting it on fire.
I took part in a conference call a couple of years ago with probably about 70 people from hospitals all over our region, and one hospital that had undergone a ransomware attack, three months after the fact, told us their story.
Three months later, and it STILL was not fully operational. The harm it caused to patients was profound, and the mental anguish it caused for the healthcare providers who were unable to provide timely care was sobering.
And it gave me a keyhole glimpse into what would happen if we had a large EMP event.
Hospitals are vulnerable to these types of attacks, because they often have no recourse but to pay. This hospital had all of their active system databases encrypted and locked, and the malicious software searched and found their backups, infected them and were also encrypted and locked by this ransomware.
In their immediate region, they were the only Level 1 Trauma hospital that could be accessed without putting someone in a helicopter.
They had to resort to paper, which they didn't have and were unprepared for. They could only store and display their radiology images on the devices that acquired them. They had no way to transmit results on exams to clinicians who needed them. At one point, they had to close and lock the doors to the rooms the Radiologists occupied to execute their interpretations, because it was like a zombie movie with clinicians taking care of critically ill patients, clamoring at the doors to get results.
The team from that hospital were obviously traumatized by it, and I heard several of their voices crack and choke up as they described the events.
When asked if they had to pay the ransomware pirates, they declined to tell people on the conference for legal reasons, which made me conclude they had to pay millions, but that is speculation on my part.
As you can probably guess-I am not in the least bit kidding in my post saying these people should be hunted down by trained military assault teams, have canvas bags placed over their heads, transported to places they can be waterboarded to extract any available information about their cohorts, tried, and executed.
It sounds harsh, but just wait until one of these people does something that kills large quantities of people in a single event. Hacking planes. Hacking power grids.
Or worse.