Security is a concern for businesses and organizations of any type or size, but it is a particular issue for those in the medical sector. Not only do they have access to highly sensitive patient data, they often operate under unique constraints that make some common security practices less applicable (e.g. fail open to prevent patient harm). In this Small Talk, we will explore staffing, patient and provider access, medical devices, research versus care, outdated yet still used protocols, issues with supply chains, threat intelligence and information sharing, and of course user education.