Cybersecurity is of increasing importance to health care organizations, given the growing trend of enforcement and increasing penalties. President Obama’s Executive Order 13636: Improving Critical Infrastructure Cybersecurity included “the incapacity or destruction of [] systems and assets [that] would have a debilitating impact on . . . national public health or safety” as part of the “critical infrastructure” of the United States. On the anniversary of this Executive Order, the U.S. Commerce Department’s National Institute of Standards and Technology (NIST) released a Framework for Improving Critical Infrastructure Cybersecurity (Framework) that provides a structure that organizations, regulators and customers engaged in the nation’s critical infrastructure can use to create, guide, assess or improve comprehensive cybersecurity programs.