Did you know HHS has a YouTube channel? Here's a recent posting explaining how your HIPAA Security Rule compliance activities will also help you avoid a cyberattack.
Obviously, if you've read anything on this site, you know that failure to do a Security Risk Analysis (which is specifically required by the Security Rule) is the number one thing that OCR cites when issuing fines. This makes sense, because (i) it's the number one thing that will help prevent you from suffering a breach or other incident, (ii) a breach/incident is usually the thing that leads to an OCR investigation, and (iii) an investigation that shows failure to do an SRA will often end up with a fine and a compliance agreement.
Just as importantly, a cyberattack can ruin your business, and it's never good for your patients. Best to take the appropriate steps to avoid one.