- Cynthia Kaiser, a former deputy in the FBI’s cyber division, is urging the Justice Department to charge hospital ransomware attackers with felony murder in cases of patient deaths.
- Research from the University of Minnesota linked at least 47 deaths to ransomware between 2016 and 2021; attacks on healthcare nearly doubled from 238 in 2024 to 460 in 2025
- Kaiser also calls for exploring terrorism designations for groups repeatedly targeting hospitals, which would allow for broader sanctions and consequences.
If a ransomware actor targets a hospital and the attack results in the death of a patient, the hacker should be charged with murder. That’s what Cynthia Kaiser, former deputy director of the FBI’s cyber division, recently urged the U.S. Department of Justice to consider.
During a hearing before a U.S. House subcommittee, Kaiser explained that ransomware attacks cause deaths, citing research from the University of Minnesota documenting at least 47 deaths attributable to ransomware attacks in hospitals between 2016 and 2021. She added that the number is “almost certainly in the hundreds today.”
She also pointed out that healthcare is now the number one target for ransomware, saying attacks on hospitals have nearly doubled from 238 in 2024 to 460 in 2025. Kaiser says this is a deliberate calculation, since attackers know that when lives are at stake, hospitals are more likely to pay up.
Article continues below
No user action required
“The felony murder statute does not require a defendant to pull the trigger, only to commit a dangerous crime resulting in death,” she said during the hearing, urging the DOJ to pursue homicide charges using the existing felony murder statute.
She also said terrorism designations should also be explored. Kaiser urged the Departments of State, Justice and Treasury to formally assess whether existing antiterrorism laws apply to ransomware actors who knowingly and repeatedly target hospitals, which would unlock sanctions, travel restrictions and diplomatic consequences.
“I have worked on these issues for years at the FBI and we need to step up our efforts even further,” she said. “They need additional powers and resources to be able to [do so].”
Some ransomware perpetrators deliberately avoided hospitals and critical infrastructure organizations, not because they were too difficult to target, but because they immediately attracted the attention of the FBI and other law enforcement agencies. In fact, some ransomware groups have publicly ended partnerships with subsidiaries that would use their encryptors against hospitals.
Via The register
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
