What's Happening?
During a recent House Homeland Security Committee hearing, lawmakers discussed the possibility of classifying ransomware attacks on hospitals as acts of terrorism. This proposal, presented by former FBI cyber official Cynthia Kaiser, aims to impose stricter
penalties on cybercriminals targeting healthcare facilities. The discussion also included the potential for pursuing homicide charges in cases where ransomware attacks result in patient deaths. This comes in response to a significant increase in ransomware incidents in the healthcare sector, which doubled from 238 in 2024 to 460 in 2025, according to FBI statistics. The idea of linking cyberattacks to terrorism has been considered by Congress and the executive branch, with the fiscal 2025 Senate intelligence authorization bill initially proposing such a connection. The Treasury Department is also seeking public input on modifying a terrorism risk insurance program to cover cyber-related losses.
Why It's Important?
The classification of ransomware attacks on hospitals as terrorism could lead to more severe legal consequences for perpetrators, potentially deterring future attacks. This move reflects the growing concern over the vulnerability of critical infrastructure, particularly in the healthcare sector, to cyber threats. By treating these attacks as terrorism, the government could impose sanctions, restrict travel, and apply other punitive measures against offenders. This approach aligns with the Trump administration's national cyber strategy, which advocates for a more aggressive stance against cybercriminals. The potential for homicide charges underscores the serious impact of these attacks on public safety and the healthcare system, highlighting the need for robust cybersecurity measures to protect vulnerable sectors.
What's Next?
If lawmakers decide to pursue these proposals, it could lead to significant changes in how ransomware attacks are prosecuted and penalized. The Justice Department may issue new guidance on applying terrorism designations and homicide charges in cybercrime cases. Additionally, the Treasury Department's consideration of changes to the terrorism risk insurance program could result in new policies to address cyber-related losses. These developments may prompt healthcare organizations to strengthen their cybersecurity defenses and collaborate with government agencies to mitigate the risk of ransomware attacks.
