Blog

Clearwater delivers cyber risk management solutions to hundreds of healthcare delivery organizations and their partners. The enormous data set of cyber risk information stored in our IRM|Analysis™ database enables us to capture deep insights surrounding current cyber threats and identify trends that will help inform and prepare organizations to Manage Cyber Risk Right. Clearwater’s IRM|Analysis™...

Private equity investments in the healthcare industry have been increasing dramatically. In the past three years alone, private equity deal values in the healthcare sector totaled $102B globally. Furthermore, the healthcare industry accounted for 18 percent of private equity deals in 2017, the highest percentage ever for the industry. There is strong private equity interest in the...

The Annual Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) took place late October in DC. This post will serve as Part two and will pick up from where I left off in my previous blog. Key takeaways: The...

The recent $16 million HIPAA settlement with Anthem, Inc. in the wake of the 2015 breach of nearly 79 million records, has been well publicized. In this case, the Office for Civil Rights (OCR) found that Anthem failed to take several basic security steps, including conducting a sufficient enterprise wide security risk assessment. A recent...

The Annual Safeguarding Health Information: Building Assurance through HIPAA Security Hosted by the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) took place last week in DC. In this post I will discuss key takeaways: Risk analysis continues to be a main focus of OCR enforcement OCR expects larger covered entities...

During a conversation over drinks with a number of CIOs at a recent healthcare conference, I discovered that the number one concern that keeps most healthcare executives up at night is the security of their medical devices. That was somewhat unexpected, especially following press-grabbing headlines last year about ‘WannaCry’ and other ransomware attacks rendering a...

Is there a more challenging position anywhere in information security than that of a healthcare organization’s cyber risk management leader? If there is, I can’t think of what it would be. Whether your title is CISO, CSO, CTO, CIO or some variation thereof, the task is daunting. As we mentioned in Part 1 of this series,...

Every day, it seems, cyber criminals figure out new ways to attack hospitals and compromise patient data and safety. As the number and intensity of cyber attacks on healthcare organizations increase, the task of establishing an effective cybersecurity program can seem overwhelming. The good news is that no matter where an organization is in developing...

  Healthcare CIOs, CISOs, and other information risk management leaders face daunting challenges when it comes to deciding where to apply their limited resources to make the biggest difference in their organization’s cyber risk posture. As I mentioned in my previous post, healthcare security leaders can be tempted by shiny new objects – i.e., new security...