Recent prominent breaches at healthcare organizations have proven that the healthcare sector is a primary target for financially motivated threat actors. The extended recovery times associated with these incidents have demonstrated that there exists opportunities for improvement in the incident response and management programs. Using the NIST incident response framework as a template, we will highlight improvements in preparation, detection, containment, and recovery phases as applicable to the healthcare sector. Healthcare is a critical industry quite literally impacting people’s lives. Ensuring that this important service is available to the public at all times is a necessity. Through the changes suggested in this talk, an incident response program will be able to meet goals of confidentiality, integrity, and availability. To highlight an example of the talk, we will discuss building automations through a Security Orchestration and Response tool to automate containment of suspected infected hosts.