If you don't have the budget, people or commitment from the executive team to support the cybersecurity initiatives required to protect your health systems what should you do?

Seems like an easy question. Is it a Norma Rae moment? Is it a grin and do the best you can moment? Is it a head in the sand moment, maybe the bad guys don't care about my little health system? 

I'd make it my first slide on every presentation to my superiors or board until they understand how important this is. Today I'm presenting on our new nurse call system. Let me tell you how we protect this system. We have to make the right investments in tools, people and processes in cybersecurity or we may as well not even implement the nurse call system. Here is the cost of securing our environment. You get the picture.

Today, what lessons do we learn from a health system that was ransomed?