"The gap between the severity of these crimes and the consequences that follow needs to close," Cynthia Kaiser told a House subcommittee on Tuesday, urging prosecutors and policymakers to use existing authorities to treat some ransomware attacks as lethal crimes.
Cynthia Kaiser urges felony homicide charges for hospital-targeting ransomware actors
Cynthia Kaiser, identified in her testimony as a former deputy assistant director of the FBI's cyber division and now senior vice president at the Halcyon Ransomware Research Center, asked the U.S. Department of Justice to evaluate felony homicide charges when ransomware attacks against healthcare facilities produce patient deaths. Kaiser invoked felony murder law in her argument, saying the statute "does not require that a defendant pull the trigger, only that they commit a dangerous felony that results in death." She cited a University of Minnesota study documenting at least 47 deaths attributable to hospital ransomware attacks between 2016 and 2021 and added: "That number is almost certainly in the hundreds today."
State, Justice and Treasury urged to weigh terrorism designations
Kaiser also urged the U.S. State, Justice, and Treasury departments to evaluate terrorism designations for "ransomware actors [who] knowingly and repeatedly target hospitals." Her testimony pressed federal authorities to use three existing legal authorities to go after ransomware criminals who encrypt healthcare networks and systems, framing harsher criminal labeling and penalties as a policy lever to close what she described as a gap between harm and consequence.
CISA funding cuts, workforce losses, and congressional reauthorization
Other witnesses at the hearing and Democratic lawmakers pressed for increased funding for state and local governments and for the Cybersecurity and Infrastructure Security Agency (CISA). Testimony said CISA lost "millions in funding and about a third of its workforce (close to 1,000 people)" in the past year. The President's 2027 budget proposal was noted in the hearing record as proposing an additional $707 million cut to CISA next fiscal year. Kaiser specifically called on Congress to fully fund and reauthorize the State and Local Cybersecurity Grant Program, saying "State and local governments are disproportionately targeted by ransomware, and they often lack the resources to defend themselves," and noting that "Governments and government services were the fourth most targeted sector in 2025."
Pre-Ransomware Notification program, David Stern, and claimed prevented losses
Megan Stifel, chief strategy officer at the Institute for Security and Technology (IST), described a CISA-run Pre-Ransomware Notification program that she said "is a really critical program that currently is not operating." Testimony identified David Stern as the official who led that program until he resigned in December. According to the record, Stern "sent pre-ransomware notifications to more than 4,300 organizations between late 2022 and late 2025, preventing about $9 billion in economic losses." Stifel warned that cuts to federal workforce and funding, along with organizational and personnel challenges, "threatened to stall all this progress" from the Ransomware Task Force launched in 2021.
Institute for Security and Technology: task-force gains at risk
Megan Stifel told lawmakers that while the national security threat posed by ransomware "has decreased since IST launched the Ransomware Task Force in 2021," progress is fragile. She urged Congress to pass a long-term or permanent reauthorization of the information-sharing authorities in the Cybersecurity Information Sharing Act of 2015, which the hearing record noted is set to expire again on September 30. Stifel said the administration's strategic approach risks "leaning too heavily on disruption at the expense of shoring up our defenses at home," and asserted that, "for the first time, we've seen material setbacks when it comes to implementing recommendations from the Ransomware Task Force."
What this means for hospitals, Congress, and CISA
- Hospitals and healthcare providers: Kaiser’s request that prosecutors consider felony homicide charges and terrorism designations signals pressure for legal and policy tools to be applied when ransomware is linked to patient harm; the University of Minnesota study and Kaiser’s testimony frame deaths from hospital-targeted ransomware as part of the calculus.
- Congress and federal departments (State, Justice, Treasury): Lawmakers were urged to weigh reauthorizations and funding — including the State and Local Cybersecurity Grant Program and CISA’s budget — while also deciding whether to use terrorism designations and felony homicide prosecutions for repeat, hospital-focused ransomware actors.
- CISA and federal cybersecurity programs: Testimony highlighted a staffing and funding squeeze at CISA, the reported cessation of the Pre-Ransomware Notification program after David Stern’s departure, and the risk that earlier gains from the Ransomware Task Force will be stalled without sustained funding and workforce capacity.
At the hearing, Representative James R. Walkinshaw (D-VA) framed those personnel and funding shifts sharply, attributing Stern’s departure to a broader administration posture he quoted from an Office of Management and Budget plan and concluding, "Ransomware is occurring today because this administration drove out the expert... We are shooting ourselves in the foot." That charge sets a political backdrop for the policy choices Congress and federal departments now face: whether to expand criminal designations and prosecutions in response to lethal ransomware outcomes, and whether to restore programs and funding that witnesses said had demonstrably reduced risk and economic loss.
Original story: https://go.theregister.com/feed/www.theregister.com/2026/04/21/exfbi_cyber_chief_urges_felony_charges_ransomware/
