One way is to simply include the risk in the matrix, but under patient harm state that there is none. Or have a harm scale that has not patient injury as one of the levels (for example, if you have 5 levels of harm, the lowest one could be no harm)
Another way is to have a cybersecurity risk matrix that is separate from your safety risk matrix, where you would identify all security related risks, regardless of patient risk. You could then transfer to the safety risk matrix those risks that result in harm.