Public policy enacted to reduce the impacts of disasters have not adequately addressed the threats that arise from the growing dependence American healthcare has on connected technology. Limited resources, a complex and evolving organizational hierarchy, immature regulation, and a relatively unfamiliar threat model without a significant foundation of evidence-based research all combine to present a challenge for the individual healthcare delivery organization or public health system preparing for a cybersecurity-related incident. Additionally, appropriate tools to capture and attribute the true medical impacts of these events are still lacking. The current legal and regulatory landscape, including HIPAA and CMS regulations, provide a needed foundation, but recent incidents have demonstrated the importance of a more robust and evidence-based framework to combat healthcare cybercrime. Suggestions for future regulations to improve safety include improved event reporting and information sharing, improved tools for investigation and prosecution of cybercrimes, and federal training and response to cybersecurity events in ways similar to other disasters. The advances in disaster planning and management for conventional public health emergencies provide a roadmap for improving readiness in the cybersecurity arena. Additionally, prevention and risk reduction through various strategies, including end-user education, regular patching, and discontinued use of unsupported software and devices, are essential to improving healthcare cybersecurity. Thus, cybersecurity improvements will ultimately improve the health of patients. Further research should address the epidemiology of clinical cybersecurity incidents and characterize the effect they have on patient care capabilities and subsequent clinical outcomes. Best practices should be developed not only by information security professionals, but by multidisciplinary groups including clinicians, health system administrators, and policymakers.