A senior FBI official specializing in cybersecurity has urged authorities to rethink the criminal response to such attacks, especially when they affect hospitals and critical services. And of course, because of the direct risk they pose to human life.
Basically, ransomware is a crime with primarily economic consequences. However, its growth and attack scenarios have changed.
The paralysis of healthcare systems, the cancellation of surgeries, and the interruption of essential services have elevated the problem to a much more serious level.
Cynthia Kaiser, with more than two decades of experience in the FBI and currently linked to the firm Halcyon, has argued before the House Homeland Security Committee that when an attack puts lives at risk, the legal response should be proportional.
In her intervention, she has even raised the possibility of charging crimes such as manslaughter or murder in those cases where a direct relationship between the cyberattack and a death can be established. In other words, if a deliberate action blocks medical systems and causes fatal consequences, its nature transcends the realm of digital fraud.
This approach could open the door to an unprecedented tightening in the pursuit of ransomware groups.
The healthcare sector, at the epicenter of the problem
Hospitals have become one of the priority targets for attackers. The reason is simple: their total dependence on computer systems and the urgency of their activity. In an environment where every minute counts, the interruption of technology can have immediate consequences.
According to an IBM report, since 2015, attacks targeting healthcare centers have increased exponentially, with increases of over 300%. This trend has had tangible effects on daily operations: ambulance diversions, delays in critical diagnoses, and suspension of urgent treatments.
These incidents also create a ripple effect in nearby centers, which receive an additional volume of patients. In some cases, this has led to a significant increase in cardiovascular emergencies and a drop in survival rates.
Recent examples highlighting the risk
In London, the attack on Synnovis, a key laboratory services provider for the public system, caused delays in blood tests and transfusions. This directly affected cancer treatments and scheduled surgeries, highlighting the fragility of the care chain.
The case of the Hospital Clínic de Barcelona, affected by an attack in Spain, illustrates as well how these situations can overwhelm response capacity and force a complete reorganization of healthcare for days.
Other significant episode took place in the United States, where a family claimed that a cyberattack contributed to the death of a newborn. During childbirth, the hospital’s computer systems were out of service, preventing access to essential monitoring tools.
Beyond individual cases, the trend points to a progressive abandonment of the unwritten codes that some ransomware groups claimed to respect during the pandemic, when they assured they would not attack hospitals. Today, those limits seem to have disappeared.
Critical infrastructures
Although the focus is on healthcare, the problem extends to other essential infrastructures. The attack on Colonial Pipeline in 2021 demonstrated how a digital disruption can translate into fuel shortages, panic buying, and public order disturbances.
The risk is even greater in sectors such as energy, water, or transportation. An attack on the power grid, for example, could leave hospitals, emergency services, or residences without supply, creating a highly vulnerable scenario for thousands of people.
Ransomware is no longer just a tool of extortion but a threat capable of destabilizing entire systems.
All this also poses challenges. Determining intent, establishing the direct relationship between the attack and its consequences, or coordinating international jurisdictions are complex aspects that will require specific legal and operational adjustments.
