The healthcare industry sector is often considered a soft target for malicious actors. Having a large attack surface coupled with a focus directed toward patient care rather than security, often health organizations haven’t taken the necessary precautions to secure patient data or access to medical devices within their infrastructures. As the severity and the associated costs of cyber-attacks on entities within healthcare organizations continue to escalate, an increased effort within this industry to mitigate the risks associated with these vulnerabilities is necessary. This study seeks to present the most common types of healthcare attacks and their mitigation methodologies. Additionally, a discussion of how compliance with the GDPR in the European Union and the HIPPA regulation in the United States can positively affect a healthcare organization’s defensive posture.