Former FBI cyber division chief Cynthia Kaiser urges US Justice Department to pursue felony homicide charges against ransomware actors when attacks on hospitals lead to patient deaths, citing at least 47 documented deaths between 2016-2021 and warning the number is "almost certainly in the hundreds today."
A former FBI cyber division chief has called for the US Justice Department to pursue felony homicide charges against ransomware criminals whose attacks on hospitals result in patient deaths, marking a dramatic escalation in the legal response to cybercrime.
Cynthia Kaiser, former deputy assistant director of the FBI's cyber division and now senior vice president at the Halcyon Ransomware Research Center, testified before a US House of Representatives subcommittee that the federal government should use existing legal authorities to prosecute ransomware actors more aggressively when their attacks have fatal consequences.
"The gap between the severity of these crimes and the consequences that follow needs to close," Kaiser told lawmakers on Tuesday. She specifically urged federal prosecutors to evaluate homicide charges when ransomware attacks against healthcare facilities cause patient deaths.
Kaiser's testimony referenced a University of Minnesota study documenting at least 47 deaths attributable to hospital ransomware attacks between 2016 and 2021. "That number is almost certainly in the hundreds today," she added, highlighting the growing human toll of these cyber incidents.
Under felony murder law, prosecutors don't need to prove the defendant directly caused the death - only that they committed a dangerous felony that resulted in death. This legal framework could potentially apply to ransomware attacks that disrupt critical hospital operations and medical care.
Kaiser also called on the US State, Justice, and Treasury departments to evaluate terrorism designations for "ransomware actors [who] knowingly and repeatedly target hospitals." This would represent another significant escalation in how the US government classifies and responds to ransomware operations.
The testimony comes amid broader concerns about federal cybersecurity funding and capabilities. Kaiser urged Congress to fully fund and reauthorize the State and Local Cybersecurity Grant Program, which faced cuts during the first year of President Trump's second term. The President's 2027 budget proposal would slash CISA spending by an additional $707 million next fiscal year.
"State and local governments are disproportionately targeted by ransomware, and they often lack the resources to defend themselves," Kaiser said in written testimony. "Governments and government services were the fourth most targeted sector in 2025. Cutting this funding would be a gift to ransomware criminals."
Other expert witnesses at the hearing and Democratic lawmakers also advocated for increased funding for state and local governments and, by extension, CISA, which manages many federal initiatives to boost state and local security posture.
Megan Stifel, Chief Strategy Officer at the Institute for Security and Technology, called on Congress to pass a long-term or permanent reauthorization of the information sharing authorities in the Cybersecurity Information Sharing Act of 2015, set to expire on September 30.
Stifel noted that while the national security threat posed by ransomware has decreased since the Ransomware Task Force launched in 2021, recent developments threaten to reverse this progress. "However, challenges with cuts to the federal workforce and funding, as well as organizational and people, all threatened to stall all this progress," she said.
The hearing also highlighted the impact of recent workforce reductions at CISA. David Stern, who led CISA's Pre-Ransomware Notification program, resigned in December after more than a decade at the agency. This program, which operated with a single individual, sent pre-ransomware notifications to more than 4,300 organizations between late 2022 and late 2025, preventing about $9 billion in economic losses.
"Nine billion dollars in damages that initiative prevented, in large part because of the work - I'll use the term Director Vought likes to use - of one bureaucrat," said US Rep. James R. Walkinshaw (D-VA), referring to Office of Management and Budget Director Russell Vought's controversial approach to federal workforce management.
Walkinshaw criticized the administration's policies, stating: "Ransomware is occurring today because this administration drove out the expert, the federal employee, who was helping to prevent it to the tune of $9 billion. We are shooting ourselves in the foot."
The testimony underscores growing frustration with the current approach to combating ransomware and suggests that some experts believe more severe legal consequences are necessary to deter attacks on critical infrastructure, particularly healthcare facilities where disruptions can have life-or-death consequences.
The debate over how to effectively combat ransomware continues as federal agencies face budget constraints and workforce reductions even as cyber threats evolve and potentially become more deadly.
Comments
Please log in or register to join the discussion