Murder, She Wrote: Ex-FBI Chief Wants some Ransomware Crims Charged with Homicide

Ransomware’s infiltration of hospital networks has moved beyond data theft to a public‑health crisis. When attackers lock down electronic medical records, delays in treatment can be fatal, a reality underscored by a University of Minnesota study linking at least 47 deaths to such incidents between 2016 and 2021. Former FBI cyber‑division leader Cynthia Kaiser argues that existing felony‑murder statutes— which punish dangerous felonies causing death— provide a legal pathway to hold ransomware operators accountable, potentially adding homicide charges to their arsenal of penalties.

The push for harsher penalties coincides with a troubling fiscal retreat. The administration’s 2027 budget proposes a $707 million reduction to CISA, the agency that coordinates federal‑state cyber defenses. Coupled with a loss of roughly 1,000 staff members, the cuts have stalled the Pre‑Ransomware Notification program, which once warned over 4,300 organizations and prevented about $9 billion in losses. Without these early alerts, hospitals and local governments become softer targets, amplifying the risk of service disruptions that can cost lives.

Policymakers now face a dual challenge: restoring funding and legal tools to deter cyber extortion while ensuring rapid information sharing. Reauthorizing the Cybersecurity Information Sharing Act and designating repeat hospital attackers as terrorist threats could strengthen both deterrence and response. If Congress embraces homicide provisions, ransomware groups may confront a new level of liability, reshaping the threat landscape and compelling attackers to weigh the ultimate cost of targeting critical health infrastructure.