CONSENSUS WIRE
← Back to Crime & Security

Lawmakers Propose Treating Hospital Ransomware Attacks as Terrorism

Crime & SecurityAI-Generated & Algorithmically Scored·

AI-generated from multiple sources. Verify before acting on this reporting.

WASHINGTON — U.S. lawmakers on Monday introduced proposals to classify ransomware attacks on hospitals as acts of terrorism and pursue homicide charges when patients die as a result of the cyber intrusions.

The measures were discussed during a House Homeland Security Committee hearing, where members sought to address a sharp rise in cyberattacks targeting the healthcare sector. Rep. Michael Guest, a Republican from Mississippi, and Rep. Lou Correa, a Democrat from California, joined former FBI cyber official Cynthia Kaiser in outlining the need for stricter penalties.

Current federal law treats ransomware primarily as a property crime, but committee members argued that the stakes are significantly higher when critical medical infrastructure is compromised. The proposals aim to elevate the legal consequences to match the potential for loss of life.

"When a hospital is locked out of its systems, surgeries are cancelled, and patients die, that is not just a cybercrime. That is a homicide," Guest said during the hearing.

The push for harsher penalties comes as ransomware incidents targeting healthcare facilities have doubled from 2024 to 2025. The surge has left hospitals scrambling to restore operations, often paying ransoms to regain access to patient records and life-support systems. Kaiser, who testified before the committee, highlighted the operational paralysis that follows these attacks, noting that recovery times often extend for weeks.

Correa emphasized the need for a unified federal response, stating that the current patchwork of state and federal laws is insufficient to deter sophisticated criminal groups. The proposed legislation would allow federal prosecutors to charge attackers with terrorism-related offenses, which carry significantly longer prison sentences than standard computer fraud statutes.

The committee also discussed the logistical challenges of implementing homicide charges in cyber cases. Establishing a direct causal link between a digital intrusion and a specific patient death presents complex legal hurdles. Prosecutors would need to prove that the attack directly prevented necessary medical care, a standard that may be difficult to meet in every case.

Critics of the proposal have raised concerns about the potential for overreach, arguing that labeling cyberattacks as terrorism could complicate international cooperation and extradition efforts. However, committee members dismissed these concerns, prioritizing the protection of domestic healthcare infrastructure.

The hearing concluded with a call for immediate action, but the path to legislation remains uncertain. It is unclear whether the proposals will be attached to broader cybersecurity bills or introduced as standalone measures. Lawmakers indicated that further discussions with the Justice Department and intelligence agencies are necessary before drafting final language.

As the debate continues, hospitals remain vulnerable to evolving threats. Cybersecurity experts warn that without significant changes to federal law, criminal groups may view the healthcare sector as a low-risk target for high-reward attacks.