It is no surprise that healthcare remains a highly targeted industry by cybersecurity threat actors. Healthcare data is very valuable, many vulnerable legacy systems still exist, and the shared use of data across many organizations creates more avenues to identify weaknesses to exploit. The recent high-profile examples of multiweek-long system outages at several health systems and increases of threats such as ransomware attacks have hospital boards and executives reevaluating how much to invest to effectively manage cybersecurity risks, while balancing other critical decisions related to core operations and other patient care initiatives.