The healthcare industry experienced several high-profile data breaches and security incidents in 2018, leading to the loss of personal information on millions of patients and millions in fines. We reviewed the details of these incidents and derived several key practices security and risk (S&R) professionals in the healthcare industry can adopt today. Our goal is to help healthcare security leaders learn from their peers to more effectively prevent, detect, and respond to data breaches while meeting the requirements in a growing list of healthcare compliance regulations.