If a cyberattack leads to a death, that’s murder. A former FBI cyber division chief urged the US Justice Department to consider felony homicide charges against ransomware actors when attacks on hospitals lead to patient deaths.
In testimony before a US House of Representatives subcommittee hearing, Cynthia Kaiser, former deputy assistant director of the FBI’s cyber division, implored lawmakers to “champion” the federal government to use three existing legal authorities to go after ransomware criminals who encrypt healthcare networks and systems.
“The gap between the severity of these crimes and the consequences that follow needs to close,” Kaiser, Halcyon Ransomware Research Center SVP, told lawmakers on Tuesday.
Kaiser called on the US State, Justice, and Treasury departments to evaluate terrorism designations for “ransomware actors [who] knowingly and repeatedly target hospitals.”
The gap between the severity of these crimes and the consequences that follow needs to close
She also urged federal prosecutors to evaluate homicide charges when ransomware attacks against healthcare facilities cause patient deaths. “Felony murder law does not require that a defendant pull the trigger, only that they commit a dangerous felony that results in death,” Kaiser said, citing a University of Minnesota study that documented at least 47 deaths attributable to hospital ransomware attacks between 2016 and 2021. “That number is almost certainly in the hundreds today,” she added.
Additionally, Kaiser begged Congress to fully fund and reauthorize the State and Local Cybersecurity Grant Program, which took a hit during the first year of Trump’s second term. The President’s 2027 budget proposal would slash CISA spending by an additional $707 million next fiscal year.
“State and local governments are disproportionately targeted by ransomware, and they often lack the resources to defend themselves,” Kaiser said in written testimony shared with The Register. “Governments and government services were the fourth most targeted sector in 2025. Cutting this funding would be a gift to ransomware criminals.”
Other expert witnesses at the hearing and Democratic lawmakers on the subcommittees also advocated for increased funding for state and local governments – and, in turn CISA, which manages and supports many of the federal government’s initiatives to boost state and local security posture.
The Institute for Security and Technology’s Chief Strategy Officer Megan Stifel called on Congress to pass a long-term or permanent reauthorization of the information sharing authorities in the Cybersecurity Information Sharing Act of 2015, set to expire (again) on September 30.
Stifel also told lawmakers that the national security threat posed by ransomware has decreased since IST launched the Ransomware Task Force in 2021.
“However, challenges with cuts to the federal workforce and funding, as well as organizational and people, all threatened to stall all this progress,” Stifel said. “The administration’s strategic approach risks leaning too heavily on disruption at the expense of shoring up our defenses at home. In fact, for the first time, we’ve seen material setbacks when it comes to implementing recommendations from the Ransomware Task Force. This committee should continue its bipartisan oversight of the administration to ensure that CISA is able to carry out its mission in the face of significant cuts to its workforce.”
CISA lost millions in funding and about a third of its workforce (close to 1,000 people) this year. One of these employees, David Stern, who led CISA’s Pre-Ransomware Notification program, resigned in December.
“It’s a really critical program that currently is not operating,” Stifel said. “The program received indications of warning from industry, in many cases supported by the Cybersecurity Information Sharing Act … This program was run by one individual who would receive these tips, and call victims who either already had a threat actor in their networks or were known soon to be targeted by these threat actors, and gave them notice that they were about to become a victim, and work with those victims to mitigate the risk.”
Ransomware is occurring today because this administration drove out the expert, the federal employee, who was helping to prevent it to the tune of $9 billion. We are shooting ourselves in the foot
Stern, in this role, sent pre-ransomware notifications to more than 4,300 organizations between late 2022 and late 2025, preventing about $9 billion in economic losses. He spent more than a decade at CISA before being pushed out late last year.
“Nine billion dollars in damages that initiative prevented, in large part because of the work – I’ll use the term Director Vought likes to use – of one bureaucrat,” US Rep. James R. Walkinshaw (D-VA) said.
He’s referring to the US Office of Management and Budget Director Russell Vought, who famously planned the Trump administration’s scorched-earth policy on federal employees: “When they wake up in the morning, we want them to not want to go to work, because they are increasingly viewed as the villains. We want their funding to be shut down…We want to put them in trauma.”
Walkinshaw said Vought’s plan succeeded in making Stern (and others) “not want to go to work, because he left and that program is no longer functioning. Ransomware is occurring today because this administration drove out the expert, the federal employee, who was helping to prevent it to the tune of $9 billion. We are shooting ourselves in the foot.” ®
Click Here For The Original Source.
