Lawmakers Consider Severe Penalties for Ransomware Attacks on Hospitals

Severity: High (Score: 66.5)

Sources: Theregister, Cyberscoop, www.technologyreview.com, securityandtechnology.org, www.sans.org

Summary

On April 21, 2026, U.S. lawmakers discussed potential new penalties for ransomware attacks targeting hospitals, including designating such attacks as terrorism and pursuing homicide charges for resulting deaths. The House Homeland Security Committee hearing highlighted a significant increase in ransomware incidents within the healthcare sector, with attacks doubling from 238 in 2024 to 460 in 2025. Cynthia Kaiser, a former FBI official, emphasized the need for harsher penalties, arguing that current laws are insufficient to deter attackers. The discussion was partly influenced by a recent German case where a ransomware attack disrupted care, leading to a patient's death, although authorities later determined the patient's poor health was the primary cause. Despite this, experts warn that it is only a matter of time before a cyberattack directly causes fatalities. The proposals align with broader trends in U.S. cyber policy, which seeks to adopt a more aggressive stance against cybercriminals. Key Points: • Ransomware attacks on hospitals increased from 238 in 2024 to 460 in 2025. • Lawmakers are considering classifying ransomware attacks as terrorism. • A German case investigated the link between ransomware and patient death but found no direct causation.

Key Entities

• Ransomware (attack_type)
• Government (industry)
• Healthcare (industry)
• T1486 - Data Encrypted for Impact (mitre_attack)