A former senior FBI cyber official is calling on the federal government to consider treating some ransomware attacks as acts of terrorism, arguing that cybercriminals who target hospitals and other critical infrastructure systems put lives at risk and should face appropriate consequences.
Testifying before the House Homeland Security Committee on Tuesday, Cynthia Kaiser urged lawmakers to also consider murder and manslaughter charges in cases where ransomware attacks cause death. Kaiser is now senior vice president of the Ransomware Research Center at Halycon, an anti-ransomware platform provider.
She spent two decades at the FBI, most recently as deputy assistant director in the FBI Cyber Division from 2022 to 2025.
“The people committing these crimes are not merely technical actors engaged in financial misconduct. They are predators, they are callous, and they are, in many cases, knowingly endangering and ending human lives,” Kaiser said.
Kaiser urged the departments of State, Justice, and Treasury to evaluate whether terrorism designation authorities under existing law apply to ransomware actors who knowingly and repeatedly target hospitals.
She said such designations could unlock a range of tools to hold perpetrators accountable, including sanctions, enhanced intelligence collection, and travel restrictions.
Current law defines terrorism as “acts dangerous to human life,” Kaiser noted. She said ransomware attacks that encrypt hospital systems and demand payment while patients are diverted should fall within that scope.
“But I’m not asking for a designation today. What I’m saying is that we need honest legal analysis towards that, looking at the existing law and determining if departments believe it meets those thresholds,” she told lawmakers.
“We’ve conducted legal analysis and have determined on our end that the language exists as it is now to be able to pursue this,” Kaiser said. “But the process by which they conduct those types of activities is something that needs to be arbitrated across all of the departments.”
Kaiser said she believes that the president’s recent executive order aimed at combating cybercrime “opens a broader spectrum for the attorney general to look at the most serious provable offenses and determine what weight they can bring to bear.”
Notably, Kaiser pointed to recent FBI research that revealed healthcare overtook all other critical sectors to become the single most targeted industry for ransomware last year.
According to the FBI, ransomware attacks against hospitals and medical facilities nearly doubled last year, from 238 attacks in 2024 to 460 in 2025. Attacks against critical manufacturing and financial services also increased, each by close to 40%.
“The worst of the worst, those targeting our hospitals, those who have caused documented deaths, those operating under the protection of hostile foreign governments, need to face consequences that match what they have done,” Kaiser said.
“These hackers are counting on incremental responses. Working together, let’s prove them wrong,” she added.