Former FBI Official Proposes Terror Designations for Ransomware Hackers Targeting Hospitals

Ransomware has become a lethal threat to U.S. health‑care, with attacks forcing surgery cancellations, dialysis delays, and, increasingly, patient fatalities. The financial toll already runs into tens of millions of dollars each year, but the human cost is harder to quantify; investigators estimate hundreds of lives have been lost as encrypted systems cripple emergency care. This growing danger has prompted former FBI cyber chief Cynthia Kaiser to argue that existing counter‑terrorism statutes, particularly the post‑9/11 Executive Order 13224, are better suited than traditional cyber‑crime laws for deterring these actors.

Kaiser’s testimony calls for a formal terrorism designation of ransomware groups that target life‑safety infrastructure. Such a label would grant the State, Justice and Treasury departments powers to freeze foreign assets, block financial channels, and prosecute individuals who provide material support, even when the perpetrators operate abroad. Additionally, she suggests leveraging federal felony‑murder statutes to bring homicide or manslaughter charges when ransomware‑induced outages directly cause deaths, a legal strategy rarely used against cyber offenders. These tools could dramatically increase the cost of ransomware operations and signal that attacks on hospitals are national‑security threats, not merely criminal acts.

If Congress embraces the proposal, the ripple effects could reshape cyber‑risk insurance, with the Terrorism Risk Insurance Act potentially covering ransomware damages for hospitals. International partners may face diplomatic pressure to curb safe havens for cybercriminals, while U.S. intelligence agencies could intensify surveillance of ransomware networks. Critics warn that over‑broad terrorism labels might complicate law‑enforcement coordination, but the urgency of protecting patient lives and critical health infrastructure is likely to drive a decisive policy shift.