One thing I’ve noticed is that healthcare organizations are increasingly adopting a risk-based approach to cybersecurity, which helps them balance protecting patient data with the constraints of legacy systems. Many hospitals are using frameworks like NIST’s and aligning with HIPAA while customizing them for their unique operational challenges. For instance, segmentation of networks and advanced monitoring can be effective when old devices can’t be easily updated. Also, considering incident response plans that include ransomware scenarios seems to be gaining traction. It might be helpful to check out some resources from organizations like HIMSS or even specific case studies on how hospitals have adapted these frameworks under real-world conditions.