- Former FBI cyber division deputy Cynthia Kaiser urges DOJ to charge hospital ransomware attackers with felony murder if patient deaths occur
- University of Minnesota research tied at least 47 deaths to ransomware between 2016–2021; healthcare attacks nearly doubled from 238 in 2024 to 460 in 2025
- Kaiser also calls for exploring terrorism designations for groups repeatedly targeting hospitals, enabling sanctions and broader consequences
If a ransomware actor targets a hospital, and the attack results in a patient dying, the hacker should be charged with felony murder. This is what Cynthia Kaiser, former deputy assistant director of the FBI’s cyber division, urged the US Justice Department to consider, just recently.
In testimony before a US House of Representatives subcommittee hearing, Kaiser explained that ransomware attackers are causing deaths, citing University of Minnesota research documenting at least 47 deaths attributable to hospital ransomware attacks between 2016 and 2021. She added that the number is “almost certainly in the hundreds today”.
She also stressed that healthcare is now the number one ransomware target, claiming that attacks against hospitals nearly doubled from 238 in 2024, to 460 in 2025. Kaiser says this is a deliberate calculation, since attackers know when lives are on the line, hospitals are more likely to pay.
Article continues below
No user action requred
“Felony murder law does not require that a defendant pull a trigger, only that they commit a dangerous felony that results in death,” she said during the hearing, urging the DOJ to pursue homicide charges using existing felony murder law.
She also said that terrorism designations should be explored, as well. Kaiser urged that the Department of State, Justice, and Treasury formally evaluate whether existing terrorism statutes apply to ransomware actors who knowingly and repeatedly target hospitals, which would unlock sanctions, travel restrictions, and diplomatic consequences.
“I worked on these issues for years at the FBI and we need to step up even more,” she said. “They need additional authorities and resources to be able to [do so].”
Some ransomware actors have deliberately avoided hospitals and critical infrastructure organizations – not because they were too difficult to target, but because they immediately attract the attention of the FBI and other law enforcement agencies. In fact, some ransomware groups publicly terminated partnerships with affiliates who would use their encryptors against hospitals.
Via The Register
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
https://cdn.mos.cms.futurecdn.net/kHhorZ4G7hCndEURtMoAST-2560-80.jpg
Source link
