Healthcare industry is major target for cyberattacks, making the protection of public health information (PHI) and Personal Identifiable Information (PII) a prime issue. In this digital era, with health organizations shifting to electronic health records and telemedicine, they are facing a major cybersecurity attack such as ransomware, phishing, and data breaches. These attacks compromise patient privacy, pose serious risks to patient safety, and hinder healthcare operations. The Health Insurance Portability and Accountability Act (HIPAA) provides a comprehensive compliance framework to protect PHI, wherein health providers shall undertake administrative, physical and technical safeguards. Despite these regulations, many healthcare providers struggle with achieving and maintaining HIPAA compliance due to limited resources, outdated technologies, and the rapidly evolving nature of cyber threats. This paper explores the HIPAA compliance framework, examining the specific responsibilities of healthcare providers to secure PHI. Key measures taken include periodic analysis of risks, establishment of encryption and access control systems, and comprehensive employee training to minimize risks of cyber-attacks. The study highlights that there is a growing need for healthcare providers to adopt proactive, adaptive cybersecurity strategies to deal with emerging threats. By following HIPAA regulations and updating security practices continuously, healthcare providers can protect the PHI, ensure regulatory compliance and safeguarding patient trust. The findings emphasize the role of adhering to regulation and innovation both in managing cyber risks for the healthcare sector.