Cyber risks are a key issue for enterprises such as hospitals, insurance companies, and other medical organisations. Theft of patient data can pose a considerable threat to medical organisations. Risk management is a significant component of protecting patient and pharmaceutical information. There are serious shortcomings in the regulatory models if these medical organisations are exposed to cybersecurity risks. While most models describe cyber risks in a “one-size fits all” model, excluding calibrations specific to cyber risks most likely to occur in the organisation, using risk management, cyber risk modelling, a strong framework, and standards found in the NIST can strengthen cyber risk management and prevention of cybersecurity risks. In this paper, we first introduced the principles of risk management and approaches to cybersecurity, then discussed cybersecurity in a large medical centre setting, risk management approaches, cyber risk modelling, applying a framework to the cyber risk program, and standards necessary to prevent risks.