Over the past year, healthcare has been under assault from bad actors, yet has had important bright spots that highlight the progress being made. WannaCry impacted 20% of UK healthcare trusts, and Nyetya/NotPetya hurt patient care Ukranian hospitals for days. Meanwhile, FDA guidance and workshops made clear their expectation that medical device makers will engage with the security research community, and a high-profile example proved the value of collaboration to protect patient safety.