Phishing, ransomware, hacking, and malware are cyber threats to PHI and other sensitive data which must be addressed. However, many healthcare organizations have limited resources to address these new and evolving threats while still maintaining regulatory compliance. Achieving “best practices” may not be a realistic goal. This session shares research along with the personal experience of the speaker, a recognized healthcare expert, and will explain the security safeguards and controls used across the vast spectrum of healthcare organizations to define the core prevailing practices based upon organizational size and complexity; from small clinical practices and critical access hospitals, through large health system and the complex environment of academic medical centers. Healthcare organizations are investing more in security. Therefore, it is critically important that the investments made to reduce the risks from cyber threats are spent wisely.