"I believe there are no penalties too severe for individuals that would target our health care system," said Mississippi Rep. Michael Guest, a comment that framed a congressional hearing where lawmakers explored whether existing criminal tools are sufficient to deter hospital ransomware attacks.
House Homeland Security Committee hearing on cybercrime
Lawmakers at a joint meeting of the House Homeland Security Committee subcommittees on Border Security and Enforcement and Cybersecurity and Infrastructure Protection pressed officials and experts Tuesday about tougher responses to ransomware that hits hospitals. A former top FBI cyber official, Cynthia Kaiser, put forward two stark proposals: treating ransomware attacks against hospitals as terrorism and encouraging prosecutors to pursue homicide charges where deaths resulted. Kaiser presented the ideas to the panel and drew questions and interest from members.
Cynthia Kaiser and proposed legal tools
Kaiser, described at the hearing as "now senior vice of the Halcyon ransomware research center," said labeling attacks as terrorism through the State, Treasury and Justice departments could open the door to further sanctions, restricted travel and other penalties. She also told lawmakers that Justice Department guidance on homicide charges could clarify prosecutorial authorities in cases where patient deaths follow outages or degraded care. Rep. Lou Correa of California, the top Democrat on Guest’s subpanel, responded to the suggestions by saying, "It sounds like the language is there, it just has not been applied in these circumstances."
Scale of the problem: hospitals as the top target
The push for new legal tools comes amid a sharp rise in attacks on the health care sector. According to FBI statistics cited at the hearing, incidents doubled from 238 in 2024 to 460 in 2025, making health care the top targeted sector. A 2023 University of Minnesota study was also referenced during the meeting; that study estimated hospital ransomware attacks were responsible for dozens of deaths of Medicare patients.
Precedents and policy moves in Washington and abroad
Congress and the executive branch have already examined closer ties between cyberattacks and terrorism. The fiscal 2025 Senate intelligence authorization bill would have directly linked ransomware to terrorism, although the final version that became law was less explicit than the original Senate language. The Treasury Department recently asked for public feedback on changing a terrorism risk insurance program to address cyber-related losses. Separately, the Trump administration’s national cyber strategy advocates for a more offensive approach to hackers and released an executive order on cybercrime and fraud the same day it published the strategy—developments Kaiser said align with the proposals heard at the hearing.
The idea of using homicide or terrorism statutes in ransomware contexts is not entirely theoretical. German authorities in 2020 opened a negligent homicide investigation after a death in the aftermath of a ransomware attack, though they ultimately decided against bringing charges.
How prosecutors, hospitals, and patients are affected
- Prosecutors: Justice Department guidance on homicide charges could be a decisive factor, clarifying whether and how existing homicide statutes apply when a cyber disruption precedes patient deaths.
- Hospitals and health systems: Lawmakers pointed to real-world disruptions, including Mississippi health care clinics that closed following a February ransomware attack in Rep. Guest’s state, underscoring operational and public-health consequences.
- Patients and the public: The University of Minnesota study estimating dozens of Medicare patient deaths tied to hospital ransomware incidents was cited as part of the rationale for pursuing more severe criminal designations and penalties.
Tuesday’s hearing made clear that Congress is revisiting how far criminal and national-security tools should reach into cybercrime that affects public health. The proposals—terrorism designations by State, Treasury and Justice departments, expanded prosecutorial guidance on homicide charges, and related policy shifts—remain under debate, with lawmakers and experts weighing legal thresholds, precedents and practical effects.
