Medical facilities are attractive targets for cyber criminals because of their technological dependence and sensitive data. The Department of Health and Human Services, with input from industry, is establishing voluntary sector-specific cybersecurity performance goals.