Boards today are focused on increasing emphasis on value based care and pricing pressures associated with physicians contracting. However, there is an increasing need to manage risk through an enterprise risk management framework. Given the operational and legal risks associated with data breaches, boards of directors of healthcare entities have incentives to be informed about cybersecurity risks and to devote substantial resources to addressing them. Furthermore, board members may be liable if they fail to exercise oversight with respect to their organization’s cybersecurity risks. During this discussion, we will help CISOs with best practices on how to engage with the Board around Cybersecurity.