Ransomware hits anyone it can. In 2023, MGM Resorts reported a $100 million dollar loss largely attributed to ransomware. But between hotels and hospitals, the latter has far more valuable information — and criminals know it.
That’s why the healthcare industry has been a primary target for about as long as online digital infrastructure has existed. In fact, the number of attacks aimed at hospitals and other parts of the sector has been only growing. Some sources claim the attacks are growing at around 15% a year, while others claim a striking 128% in 2024.
In any case, everyone agrees the problem is getting worse.
The Big Picture for Healthcare Cyber Security in 2025
Both lives and fortunes depend on the integrity and protection of healthcare information. But is our current approach to the problem going to cut it? Will things work out if we hold the course?
Paul Nakasone doesn’t think so. Paul’s a retired four star general who led America’s Cyber Command for about half a decade, during which time he protected the government from every type of digital threat imaginable. In the years since his retirement, he has become the founding director for the Vanderbilt University Institute of National Security.
Help for the Small Guy
Chief Healthcare Executive’s coverage Paul’s recent remarks made a few things clear. First and foremost, healthcare cyber security in 2025 presents growing risks for smaller operations, like rural hospitals, that don’t have the resources to defend against sophisticated cyber threats. Nakasone strongly advocates for a larger government role in protecting the healthcare sector from these attacks, emphasizing that the return on investment for robust cybersecurity measures is too valuable to ignore.
Another thing Nakasone strongly advocated for was an increase in the number of clinicians who have a background in tech. Understanding how the bureaucratic processes works, Paul would like to see policy makers with a background in coding, and the coders who are creating clinical platforms to have a background in policy.
A New Strategy
Above all, Nakasone’s message boils down to what most of us already knew. A little prevention is more valuable than a lot of cure. In the case of any given ransomware attack, it’s often the case that a relatively small security expense would have prevented or severely mitigated the problem.
It may or may not be a good idea for the government to take a more active role in protecting healthcare information. But in the meantime, we have to protect ourselves. While there are no silver bullets for these kinds of problems, a good starting point is understanding the security features of the tools you’re using.
