Updated on 17 March 2025
AI in healthcare security demands immediate attention and new strategies, according to former National Security Agency Director General Paul Nakasone. At the HIMSS25 conference, he outlined how AI in healthcare security must evolve through adaptation and collaboration. Healthcare organisations face unprecedented security challenges that require innovative AI in healthcare security approaches.
AI in Healthcare Security: A Critical Moment for the Sector
The healthcare sector stands at a “Sputnik moment” regarding AI integration, Nakasone explained. During his keynote address, he highlighted how AI technologies are already transforming healthcare delivery, management, and security.
“Most importantly, how do we think about today, the present, and of course, the future?” Nakasone asked attendees. His question underscores the urgency for healthcare leaders to develop strategies that harness AI’s potential while addressing its challenges.
As founding director of Vanderbilt University’s Institute of National Security and a member of OpenAI’s safety and security committee, Nakasone brings valuable cross-domain expertise to this discussion. His experience defending Department of Defense networks from 2018 to 2024 provides relevant insights for healthcare’s growing cybersecurity concerns.
Three Motivations for Healthcare Innovation
Nakasone shared three personal connections that brought him to the HIMSS25 stage:
- His wife’s career as an oncology nurse
- His firsthand experience with the Arlington Fire Department’s response at the Pentagon on 9/11
- The military’s “golden hour” promise of battlefield medical care
The “golden hour” concept particularly resonates with healthcare’s mission. “Any place that you are on the battlefield, if you are significantly wounded, you will have care within an hour that will likely save your life – 95% of those that are tragically wounded are saved based upon this concept,” he explained.
These motivations highlight the life-saving potential of combining AI with healthcare expertise.
Adapting to Technological Disruption
Drawing parallels with the iPhone’s revolutionary impact, Nakasone observed: “Those that adapted and adopted had an incredible run based upon the capability to see a disruptive technology.” Conversely, “those that were avoiders had a much more difficult time.”
This historical perspective offers a valuable lesson for healthcare organisations facing AI integration decisions. The sector must decide how to proceed in what Nakasone describes as a “rapidly evolving landscape of technology change.”
AI’s healthcare applications already include:
- Discovering new medications and improving existing ones
- Early disease detection, including breast cancer
- Improved risk management
- Lower administrative costs
“We need to adapt,” Nakasone urged. “We need to adopt, and we need to advance those healthcare providers that can ensure the accuracy, that can streamline the operations and can offer this healthcare to our patients.”
AI as Clinical Support, Not Replacement
While emphasising AI’s transformative potential, Nakasone firmly believes it won’t replace healthcare professionals. Instead, he envisions AI amplifying human capabilities.
“The smart, adaptive, instinctive feel that I get from my clinician when I see them, why not combine that with the incredible large language models that provide them a step up?” he suggested.
Combining natural language processing with electronic health records could revolutionise treatment plans, improve efficiencies, and reduce costs. However, Nakasone acknowledged that policy development for healthcare AI integration remains in the “early stages.”
“We will get through being able to improve our drug discovery and our disease detection, and we’ll get through being able to understand how we do this with the FDA,” he noted. Critically, he added that “a degree of training and education must underpin everything that we do.”
Strengthening AI in Healthcare Security Against Cyber Threats
Healthcare faces unprecedented AI in healthcare security challenges, with Nakasone noting that no other critical infrastructure sector has been hit harder by ransomware. These attacks cost healthcare organisations approximately $1.9 million per day in lost revenue, highlighting the urgent need for improved AI in healthcare security solutions.
During the COVID-19 pandemic, Nakasone was called upon to apply NSA resources to Operation Warp Speed, ensuring that vaccine development and distribution remained secure. This experience taught him the value of “radical partnerships” between government, healthcare, and technology sectors.
After reading Microsoft’s new Rural Hospital Cybersecurity Landscape Report, Nakasone immediately thought: “We need some type of centre that can provide, first of all, threat information. Rapidly.”
AI in Healthcare Security: Lessons from Defense Sector
The NSA’s Cybersecurity Collaboration Center, established in 2020, provides a model for healthcare security. By offering scanning, secure email, and protective DNS to the Defense Industrial Base, the NSA dramatically reduced intrusions at a reasonable cost.
“The number of intrusions in the defense industrial base dropped dramatically. You know how much that cost us? £10 million a year,” Nakasone revealed. This investment produced returns far exceeding its cost by preventing costly breaches.
He proposed applying this successful approach to healthcare: “Why don’t we do the same thing with rural healthcare? Why don’t we do that with healthcare in general?”
Specifically, Nakasone suggested providing major health providers and their partners with scanning capabilities, protective DNS, and secure email systems. These measures would “make the bar much higher for attackers to come into” healthcare networks.
His practical advice for organisations: “You don’t have to be the fastest gazelle in the jungle to maintain your security in cyberspace, but you just can’t be the slowest.”
Preparing the Healthcare Workforce for AI
Beyond technological solutions, Nakasone addressed the critical human element in healthcare AI integration. He highlighted the national shortage of technical talent and the demographic shift occurring in the workforce.
“In five years, Gen Z will replace millennials as the highest percentage of our federal workforce,” he noted. This changing demographic requires new approaches to talent development and retention.
For healthcare specifically, Nakasone envisions cross-disciplinary expertise: “I often say in the future, I want policymakers who can code and coders who understand policy. Wouldn’t it be nice to have clinicians who code? Coders who understand what clinicians do?”
To build this future workforce, he expressed hope for “some type of National Defense Education Act that looks at technology for the future.” Such initiatives would help develop professionals capable of navigating AI integration in healthcare while maintaining robust security practices.
Taking “Microsteps” Toward AI Integration
Throughout his address, Nakasone emphasised a practical approach to AI adoption in healthcare. Rather than attempting massive transformations immediately, he advocated for incremental progress: “We all must be willing to take a few microsteps.”
This measured approach acknowledges both the tremendous potential and significant challenges of AI in healthcare. By taking deliberate steps forward while prioritising security, healthcare organisations can navigate this technological transition successfully.
For healthcare leaders, Nakasone’s message combines optimism about AI’s transformative potential with pragmatic advice about implementation. The industry must embrace change while building robust security protections and developing a workforce equipped for this new technological landscape.
Key Takeaways
- Healthcare faces a critical “Sputnik moment” in AI adoption, requiring organisations to adapt to and advance these technologies rather than avoid them.
- AI will not replace healthcare professionals but can significantly enhance clinical capabilities, improve efficiencies, and reduce costs when properly implemented.
- Healthcare has been hit harder by ransomware than any other critical infrastructure sector, costing approximately £1.9 million per day in lost revenue.
- A security model similar to the NSA’s Cybersecurity Collaboration Center could drastically reduce healthcare cyberattacks at a reasonable cost of implementation.
- The future healthcare workforce needs cross-disciplinary expertise—professionals who understand both clinical practice and technology—to successfully navigate AI integration.
