Since the original article, multiple major data breaches have surfaced across different sectors, including a French government ID agency losing 19 million records, an education breach affecting millions of students, and an ADT security systems breach. Additionally, Missouri regulators are now investigating Conduent for allegedly obstructing a state data breach investigation, suggesting growing regulatory pressure on companies handling sensitive information. These incidents underscore the expanding scope of cybersecurity threats beyond hospitals, reinforcing arguments for stricter government enforcement.
The Medusa ransomware gang has claimed responsibility for attacking the University of Mississippi Medical Center and a New Jersey county, demonstrating the real-world threat that prompted the former FBI official's proposal. These latest incidents show hospital systems continue to be targeted despite growing awareness of the risks, with the attacks affecting both major medical institutions and local government healthcare operations.
Hackers just locked up a major Mississippi hospital and a New Jersey county office. A former FBI cybersecurity leader now says we should treat these criminals exactly like terrorists.
Here's what happened: A ransomware gang called Medusa encrypted files at the University of Mississippi Medical Center and a New Jersey county, then demanded money to unlock them. Ransomware is basically a type of virus that locks your files until you pay money. Doctors couldn't access patient records. Staff had to delay surgeries. Patient data—names, medical histories, insurance information—got stolen.
Why the terrorism comparison? Think of it like this: if someone blocks the roads to a hospital, we'd call it a serious crime. Ransomware does the same thing digitally, except it affects thousands of patients at once and puts lives at risk. A former FBI official argues the government should label hospital ransomware attacks as terrorism because they're clearly designed to hurt civilians and disrupt critical services.
Right now, ransomware attacks on hospitals happen constantly but don't face the same legal penalties as terrorism charges. The proposal would change that—making it tougher to prosecute hackers and potentially giving law enforcement more power to hunt them internationally.
This matters because hospitals are soft targets. They run old computer systems, have tight budgets for cybersecurity, and can't afford to go offline. Hackers know hospitals will pay ransom quickly to restore patient care.
What you should do today: If you use a hospital or have medical records anywhere, ask them directly about their ransomware protections. Request written confirmation they have backups of your data and a plan if they get hacked. For your own devices, enable automatic backups to an external drive, use strong passwords on medical portals, and never click suspicious email links claiming to be from your doctor's office.