Hospitals at risk if cybersecurity law expires, former FBI leader says
The expiration of a 2015 federal cybersecurity law could put hospitals and health systems at risk for more cyberattacks, a former FBI leader wrote in Fortune.
The Cybersecurity Information Sharing Act of 2015, which lapses 30 September has enabled quick threat-intelligence sharing between government and businesses, including thousands this year alone, preventing “countless” hacks over the past decade, according to the 17 August article by Cynthia Kaiser, former deputy director of the FBI’s cyber department.
“If information sharing degrades after CISA 2015’s sunset, hospitals — and all other critical infrastructure — very likely will lose crucial early warnings about ransomware variants and other attack methods,” she wrote. “When a hospital’s systems are threatened, rapid information sharing matters. Minutes count in medical emergencies, and delays can be fatal.”
Ms. Kaiser pointed to research from Minneapolis and St. Paul, Minn.-based University of Minnesota that estimated ransomware attacks killed between 42 and 67 Medicare patients from 2016 to 2021.
Source: Becker's Hospital Review, 18 August 2025