According to SC Media coverage, a former FBI cyber division chief—identified as Cynthia Kaiser, former deputy assistant director of the FBI's cyber division—is urging the U.S. Justice Department to consider felony homicide charges against ransomware actors when their attacks on hospitals result in patient deaths.
This represents an escalation in the legal framework applied to ransomware operations. Historically, these attacks have been prosecuted under computer fraud, extortion, and money laundering statutes. Treating them as homicide would create personal criminal liability tied directly to loss of life—a significantly higher bar with longer sentences and broader prosecutorial authority.
Why this matters: Hospitals are critical infrastructure. When ransomware disables electronic health records, imaging systems, or patient monitoring equipment, the impact is measurable: delayed surgeries, diverted emergency care, medication errors. The gap between attack and patient harm is narrow and documented. If prosecutors successfully establish causal chain and criminal intent, it could reshape threat calculations for ransomware operators.
The proposal also reflects real operational friction. Ransomware groups increasingly target healthcare specifically because hospitals face existential pressure to pay quickly—system outages directly threaten life. Higher criminal penalties could reduce that targeting calculus, though it may also push operators to more sophisticated obfuscation or geographic relocation.
What to watch: Implementation depends on DOJ response and whether prosecutors can establish provable causality in specific cases. Homicide charges require intent or recklessness—ransomware actors would likely argue they target data, not infrastructure. Expect legal challenges and debate over burden of proof.
For preparedness purposes, this signals tightening legal exposure for threat actors, which may reduce frequency of healthcare targeting—but may also increase sophistication of cover, encryption, and attribution obfuscation. Hospital preparedness teams should assume adversaries will adapt, not retreat.
