National security leader calls for new approach on cybersecurity | HIMSS 2025
Retired General Paul Nakasone suggests a need to think differently and wants a bigger, younger talent pool to protect healthcare providers from ransomware attacks.
Las Vegas – Ransomware attacks aimed at the healthcare sector are growing worldwide, and Paul Nakasone says it’s time for a different approach.
Retired General Paul Nakasone called for bigger investments and greater efforts to train young people in cybersecurity and AI at the HIMSS 2025 conference in Las Vegas Wednesday.
A retired four-star Army general, Paul M. Nakasone led the U.S. Cyber Command for nearly six years before retiring in February 2024. He oversaw the government’s cybersecurity defenses against grave and evolving threats from attackers across the globe.
Citing his deep experience in the field, Nakasone called for new approaches to bolstering cybersecurity in health care during a keynote address Wednesday at the HIMSS Global Health Conference & Exhibition.
Among all critical infrastructure, health systems and providers are the prime target for cyberattacks. He said there was a 15% increase in ransomware attacks aimed at healthcare worldwide.
“No other sector has been hit harder by ransomware,” Nakasone said.
“Last year was a tremendously difficult year for the healthcare industry in terms of ransomware,” he said. “This is the scourge of what we're facing in the industry today.”
Attacks on rural hospitals can be particularly devastating, because they typically don’t have the resources to invest significantly in cybersecurity. He pointed to a new report that Microsoft released Wednesday on the impact of attacks on rural hospitals.
“We have to get beyond just talking about the problem of ransomware,” Nakasone said.
“We have to do something different. I feel today that a ransomware attack happens right here, and we're always on the right-hand side talking about what occurred. I want to talk about how to get on the left-hand side, so we don't have these ransomware attacks.”
During his time with the U.S. Cyber Command, the National Security Agency set up a cybersecurity collaboration center to assist the many companies that work with the Department of Defense. It exists outside the NSA and offers expert (and non-classified) advice and guidance to help protect companies doing critical work for the national defense.
Nakasone said that the national security investment required a $10 million investment from the military. But that investment has paid big dividends, he said.
“A small ounce of prevention is always better than a pound of performance,” he said.
“Ten million has dropped dramatically the intrusions, the scans and the attacks on the defense industrial base.”
Such an approach should be taken to protect the healthcare industry, he said.
As Nakasone said, “Why don't we do the same thing for rural health care? Why don't we do with health care in general?”
Such steps could help health systems and hospitals, particularly rural hospitals, defend against ransomware attacks, or at least improve their chances.
“You don't have to be the fastest gazelle in the jungle to maintain your security in cyberspace, but you just can't be the slowest,” Nakasone said.
Nakasone talked about the need to develop a much larger, younger workforce with capabilities of cybersecurity and AI.
Looking at those working in cybersecurity in the federal government, the number of those over the age of 50 is 15 times higher than those under the age of 30.
“That has to change,” Nakasone said.
He called for a national initiative to develop more people with the skills needed for an evolving tech economy for national security, health care and other key sectors.
“We need the capability to ensure that the next generation of those that are working in our government, and our key industries, have data science, have an ability to code, understand quantum, understand machine languages, understand the fact that the knowledge, skills and abilities that got us to where we're at today are completely different for the future,” Nakasone said.
“We have to be much more aggressive in investing in our talent,” he continued. “I'm very hopeful that we will have some type of National Defense Education Act that looks at technology for the future in the same way that we had a Sputnik moment in the 50s, and the result was a huge number of math and science graduates.”
Nakasone also said he’d like to see more clinicians working in technology.
“I often say, in the future, I want policy makers who can code and coders who understand policy,” Nakasone said. “So wouldn't it be nice to have clinicians who code?”
After retiring from the military, Nakasone took on a new role as the founding director of the Vanderbilt University Institute of National Security.
“We have a number of different technologies that are going to dramatically impact our national security. I saw it. Whether or not it's AI, cyber security or quantum, these are things that are going to remake how we look at ourselves in the world,” he said.
Nakasone also spoke of the arrival of an inflection point of disruptive technologies, including AI and its potential to change patient care and help organizations become more efficient.
‘I'm pleased that much of the healthcare professional has started to embrace AI and is starting to understand the challenges of cyber,” he said. “But there is more that we have to do.”
Telehealth faces a looming deadline in Washington | Healthy Bottom Line podcast
February 12th 2025Once again, the clock is ticking on waivers for telemedicine and hospital-at-home programs. Kyle Zebley of the American Telemedicine Association talks about the push on Congress and the White House.
