Clearwater Partners with NSA Centers of Academic Excellence To Advance Cyber Defense Education Company’s IRM|Pro Software Prepares Students to Meet Healthcare Industry’s Need for Professionals Skilled in Enterprise Cyber Risk Management Aug. 22, 2019 NASHVILLE, Tenn. (Aug. 22, 2019) – Clearwater, the leading provider of cyber risk management and HIPAA compliance solutions, is addressing the […]Read More
Clearwater, a top-ranked provider of healthcare cyber risk software and consulting services, today announced the appointment of Cathie Brown as Vice President, Professional Services. Ms. Brown brings more than 30 years of experience in healthcare, health information technology, health information security and consulting.Read More
Clearwater Further Streamlines Enterprise Risk Analysis for Health Systems with Its Patent-Pending “Component Expert System” Technology
As the healthcare industry continues to be targeted by cyber attacks, Clearwater has released new, breakthrough technology that provides hospitals and health systems with a more intelligent view into all of the processes, people, locations, technology and components that can pose a data security risk to an information system. Clearwater’s new Component Expert System (CES), embedded in its IRM|Analysis™ software, enables hospitals and health systems to complete the security risk analysis (SRA) process more efficiently across the enterprise by logically grouping similar information system components based on their properties and associated controls. The patent-pending technology automatically identifies relevant cyber and information risk scenarios, thereby facilitating a more effective risk assessment process.Read More
Clearwater CyberIntelligence™ Institute Study Finds Laptops Still a Significant Data Security Risk for Hospitals and Health Systems
Endpoint data loss, excessive user permissions, and dormant accounts make up 70 percent of all high and critical risk scenarios for laptop vulnerabilities at hospitals and health systems across the country, according to new findings released by the Clearwater CyberIntelligence Institute (CCI), which leverages insights from Clearwater’s proprietary database—the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates. Despite efforts to make laptops more secure, the CCI study found they remain a Top 10 cybersecurity risk for hospitals and health systems.Read More
Clearwater, Digital Reasoning Launch Strategic Multi-Year Cyber Risk Partnership Advancing AI, Machine Learning in Healthcare
NASHVILLE, Tenn.–(BUSINESS WIRE)–Clearwater and Digital Reasoning today announced a strategic three-year Cyber Risk Services partnership enabling healthcare providers to realize the results of artificial intelligence (AI) powered solutions supported by a proven and trusted cybersecurity and HIPAA compliance program.Read More
Top Three Most Common Health System Patient Data Security Weaknesses Revealed by Clearwater CyberIntelligence™ Institute
Top Three Most Common Health System Patient Data Security Weaknesses Revealed by Clearwater CyberIntelligence™Institute December 20, 2018 NASHVILLE, Tenn.–(BUSINESS WIRE)–The three most critical and common high-security cyber risks facing healthcare delivery organizations and their partners have been uncovered in a first-of-its-kind analysis by the Clearwater CyberIntelligence™ Institute (CCI). CCI was formed earlier this year to […]Read More
Clearwater and CyberMDX Announce Partnership to Address Healthcare Industry’s Weakest Link in ePHI Security Chain: Connected Medical Devices and IoT Equipment Innovative Approach Establishes Blueprint for Medical Device Security Programs to Help Protect Patients from Cybersecurity Threats and Vulnerabilities November 28, 2018 NASHVILLE, Tenn.–(BUSINESS WIRE)–Clearwater and CyberMDX have entered into a partnership to […]Read More
Clearwater Says New National Survey Findings A ‘Wake-up Call’ for Health System Cybersecurity CHIME HealthCare’s 2018 Most Wired Survey Cites Profound Need for Foundational Security and Disaster Recovery Measures October 31, 2018 SAN DIEGO & NASHVILLE, Tenn.–(BUSINESS WIRE)–In the wake of a record-breaking $16 million data breach settlement earlier this month that put insurers and […]Read More
In The News
Efforts by the federal Office of Civil Rights to investigate data breaches at healthcare organizations are of great concern to security and compliance officers at healthcare organizations.
Jon Moore, Chief Risk Officer at Clearwater Compliance LLC, based in Nashville, Tennessee, said the survey essentially reflected what he sees in the industry.
Although the healthcare industry has been notoriously resistant to change, its transformation at the hands of digitization has recently picked up pace.
In the first half of 2019, there were 223 reported breaches affecting 10.2 million individuals, an increase of 167% over the same period in 2018. These figures do not include the widely publicized American Medical Collections Agency breach, which is estimated to have affected at least 22 million individuals on its own.
In the case of American Medical Collection Agency’s (AMCA) highly publicized data breach, the cost proved unrecoverable as the 42-year-old parent company Retrieval-Masters Credit Bureau filed for bankruptcy just weeks after disclosing the breach.
Organizations should calculate the risk of a data breach, not only for covered entities but also for their business associates. A breach of your patient data will affect your organization, even if it’s by a business associate.
Many Chief Information Security Officers and Chief Compliance Officers often express concern to us about the potential disruption and cost that can come from an Office for Civil Rights (OCR) investigation, not to mention the reputational damage that will result from a settlement or monetary penalty. An appearance on the wall of shame is a mere blemish compared to the negative publicity of an OCR fine or settlement. However, the possibility of a State Attorney General (AG) action is often underestimated and overlooked. If a State AG enforcement is not top of mind for you and your board, it should be.