Healthcare organizations have made progress in defending against cyber attacks, but more needs to be done to improve cyber resilience. While the number of attacks more than doubled, security teams reduced the rate of successful attacks from 30% to 13%. To further strengthen defenses, organizations should focus on basics like asset protection, employ advanced technologies to automate responses, conduct proactive threat hunting, and ensure the CISO role evolves to address new business demands. With continued investments and transformations, organizations could achieve full cyber resilience within two to three years.