Clearwater

News Room

healthcare info sec

Misconfigured IT (Again) Leads to Big Health Data Breach

May 22, 2019

An all-too-common type of data security mistake – a misconfigured IT setting – has landed a Puerto Rico-based clearinghouse and cloud software services provider at the top of federal regulators’ list of largest health data breaches so far this year, in an incident impacting nearly 1.6 million individuals.

Read More
healthcare info sec

Laid Off Worker Pleads Guilty in Medicaid Incident | Former Employee at Contractor Damaged Oregon Medicaid System After Losing Job

May 9, 2019

A former Hewlett Packard Enterprise worker has pleaded guilty in federal court to intentionally damaging an Oregon Medicaid system and causing it to fail a few days after he was laid off by the vendor.

Read More
axios

Health & Human Services Lowers Fines for HIPAA Violations

May 2, 2019

The Department of Health and Human Services reduced its fines for violations of HIPAA — the law requiring health care industries to protect customer data, according to a notice this week in the Federal Register. Driving the news: The new rules reduce a maximum fine of $1.5 million to a maximum fine of $250,000.

Read More
healthcare info sec

HHS Lowers Some HIPAA Fines | Experts Weigh In on Potential Impact of the Changes

April 29, 2019

The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it’s pledging to make a “big push” to enforce patients’ right to access their health records. HHS will keep its revised interpretation of the HITECH Act penalty caps in mind “for all enforcement operations,” says Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA.

Read More
Texas Public Radio

Texas Attracts Most Healthcare Data Hacks But It Is Fighting Back

April 9, 2019

Cybercriminals stole the health records of more than 9 million Americans last year, according to data from U.S. Health and Human Services. The data collected includes breaches from hospitals, health insurers and other health organizations covered by the Health Insurance Portability and Accountability Act, which makes breaches public when they affect more than 500 people.

Read More
Health Data Management

Laptop Vulnerabilities Still Pose Great Security Risk to Health Data

March 8, 2019

New research from the Clearwater Cyber Intelligence Institute finds that laptop computers continue to present a substantial data security risk for the healthcare industry. Clearwater operates a database that holds millions of risk records from hospitals, delivery systems, and business associates. Data mining and informatics teams at the firm use analytics to identify common security weaknesses in provider organizations, insurance companies, and other entities.

Read More
HealthITSecurity

Laptops Pose Serious Data Security Risk to Hospitals, Health Systems

March 4, 2019

Hospitals and health systems are continuing to struggle with laptop vulnerabilities, caused primarily by endpoint data loss, excessive user permissions, and dormant accounts, according to new findings from Clearwater CyberIntelligence Institute. In fact, 70 percent of all high and critical risk scenarios for laptop vulnerabilities were caused by those risk areas. CCI researchers analyzed data from Clearwater’s proprietary database, which is exclusively focused on cybersecurity risks to hospitals, Integrated Delivery Networks, and business associates.

Read More
Journalof AHIMA_logo_big

Security Risk Analyses Can Offer Significant Findings by Wes Morris

March 1, 2019

ONE OF THE critical information governance (IG) functions is successful execution of an organization’s privacy and security responsibilities. Chief among these responsibilities is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information(ePHI). This assessment is a foundation upon which other security processes will depend. Poor or non-existent risk analysis processes have been a finding in 89 percent of settlement agreements and civil money penalties imposed by the US Department of Health and Human Services’ Office for Civil Rights (OCR). In 2018 alone, the cost was over $24 million for organizations that failed to implement effective risk analysis or risk management processes.

Read More

Press Releases

Clearwater Adds Cybersecurity Expert Cathie Brown as Vice President of Professional Services

Clearwater, a top-ranked provider of healthcare cyber risk software and consulting services, today announced the appointment of Cathie Brown as Vice President, Professional Services. Ms. Brown brings more than 30 years of experience in healthcare, health information technology, health information security and consulting.

Clearwater Further Streamlines Enterprise Risk Analysis for Health Systems with Its Patent-Pending “Component Expert System” Technology

As the healthcare industry continues to be targeted by cyber attacks, Clearwater has released new, breakthrough technology that provides hospitals and health systems with a more intelligent view into all of the processes, people, locations, technology and components that can pose a data security risk to an information system. Clearwater’s new Component Expert System (CES), embedded in its IRM|Analysis™ software, enables hospitals and health systems to complete the security risk analysis (SRA) process more efficiently across the enterprise by logically grouping similar information system components based on their properties and associated controls. The patent-pending technology automatically identifies relevant cyber and information risk scenarios, thereby facilitating a more effective risk assessment process.

Company Blog

Key Takeaways From Breakfast & Breaches™ | D.C.

Clearwater’s recent Breakfast & Breaches event in Washington, DC brought together an outstanding group of leaders with unique insight on the growing problem of how to keep protected health information secure. Drawing on their combined decades of experience working across the compliance spectrum, our panelists and moderator challenged the audience’s thinking with regard to how their organizations analyze and manage risks.

Highest Level of Security Weaknesses in Hospitals and Health Systems Uncovered

More than half (54%)* of all individuals affected by a healthcare information breach in the past twelve months were impacted by a breach that touched the affected organization’s server, according to data provided on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. According to the data, ninety (90) healthcare breaches — affecting more than nine million individuals—were related to servers in some way.

Managing Third-Party Information Security Risk

Clinical laboratory provider Quest Diagnostics recently acknowledged that a billings collections vendor it works with suffered a data breach on its web payment system that may have exposed information of nearly 12 million of Quest’s patients. The third-party company, Elmsford, N.Y.-based American Medical Collection Agency (AMCA), is contracted with Optum360 LLC, which in turn provides payment services to Quest.

Interested in how the solutions featured in this case study could help your organization?