ABSTRACT
Health care organizations are a major target for cyberattacks. This is primarily due to their peculiar vulnerabilities and attractiveness to nefarious cyber actors. Data breaches from these attacks present a significant threat to the viability of health care organizations, ranging from financial losses to compromised patient safety. Cybersecurity insurance has become an essential tool for mitigating financial liabilities that may arise from breaches for many organizations. This paper reviews the current state of cybersecurity insurance adoption in the health care sector. It highlights best practices in cybersecurity insurance policy for health care organizations and recommends future directions to strengthen cybersecurity and improve cybersecurity insurance.