Clearwater CyberIntelligence Institute®
Clearwater delivers cyber risk management solutions to hundreds of healthcare delivery organizations and their partners. The enormous data set of cyber risk information stored in our IRM|Analysis® database enables us to capture deep insights surrounding current cyber threats and identify trends that will help inform and prepare organizations to Manage Cyber Risk Right.
Clearwater’s IRM|Analysis® software facilitates and strengthens an organization’s cyber risk management program by providing an automated, scalable process for assessing, remediating and monitoring the security risks to the organization’s critical business systems and sensitive data while maintaining the evidence necessary for an audit or investigation. The Clearwater CyberIntelligence Institute®, using its advanced analytics and data mining capabilities, has discovered significant patterns from our database which has been populated by organizations over the last six years and contains millions of data risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates.
Analyzing the Teleworking Security Concerns Driven By COVID-19
With teleworking profoundly changing the way many organizations now conduct business, the Clearwater CyberIntelligence Institute® chose to analyze Security Controls found in its IRM|Analysis® database that specifically safeguard remote devices and operations to determine which of these were most often found deficient.
The results of these analyses are summarized based on Clearwater’s comprehensive method of evaluating administrative, technical and physical controls and presented in this new edition of the Clearwater CyberIntelligence Institute Insight Bulletin to help healthcare organizations reevaluate their susceptibility to the additional threats and vulnerabilities these new working conditions might present.
The Problem with Passwords
Passwords are often one of the weakest links in security in any industry, but particularly problematic in healthcare. When a system has known authentication weaknesses, they can be used by Malicious Insiders or System Crackers to gain unauthorized access to sensitive data or potentially control access by others to that system.
To determine the root causes for these weaknesses, Clearwater's CyberIntelligence Institute has analyzed specific authentication-related vulnerabilities in the IRM|Analysis database and compiled data-driven insights.
Analyzing Careless Users, An Often Overlooked Threat
Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence?
Highest Level of Security Weaknesses in Hospitals and Health Systems Uncovered
More than half (54%)* of all individuals affected by a healthcare information breach in the past twelve months were impacted by a breach that touched the affected organization’s server, according to data provided on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. According to the data, ninety (90) healthcare breaches — affecting more than nine million individuals—were related to servers in some way.
Most Common Security Weaknesses Found In Hospitals & Health Systems
Hospital Executives might direct their immediate attention to these top vulnerabilities and, perhaps, take immediate action to reduce their organization’s risk profile. We analyzed high and critical risks facing hospitals and health systems found in our database and summarized them based on Clearwater’s comprehensive method of evaluating administrative, technical and physical vulnerabilities. Based on this analysis, we discovered the three most common critical and high security risks found during a HIPAA Risk Analysis using our software were:
- User Authentication Deficiencies
- Endpoint Leakage
- Excessive User Permissions
Common Security Weaknesses Found In Laptops For Hospitals & Health Systems
Laptops quickly come to mind when security leaders think about potential vulnerabilities for their organization. They are highly portable, can be accessed remotely, and are at high risk for theft. CCI™ analyzed high and critical risks facing hospitals and health systems found in our database and summarized them based on Clearwater’s comprehensive method of evaluating administrative, technical, and physical vulnerabilities. Based on this analysis, we discovered that laptops, because of their vulnerabilities, rank 6th among sources of risk.
Let’s explore the top vulnerabilities putting laptops data at risk for hospitals and health systems:
- Endpoint Data Loss
- Excessive User Permissions
- Dormant Accounts
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro® platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017, 2018, and 2019 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions.
How We Help Privacy and Security Professionals
Rely on our award-winning software to guide you through an effective cyber risk management process based on OCR guidelines and the NIST Cybersecurity Framework.
Years of direct front-line, real-world experience guarantee that our experts are a wise choice to help you implement all aspects of an effective HIPAA compliance program.
Strengthen your knowledge with our range of in-person and online educational opportunities. Create your own learning journey.
Popular Solutions for Privacy Professionals
- Clearwater HIPAA Security Assessment
- Clearwater HIPAA Risk Analysis
- Clearwater HIPAA Privacy and Breach Notification Assessment WorkShop™
- Clearwater Secure Online Data Protection
- Clearwater 10 Point Strategic HIPAA Compliance Assessment™
- HIPAA Strategic Advisory Services
- Clearwater HIPAA and Cyber Risk Management BootCamp™
- Clearwater Workforce Training
- Policies and Procedures
- IRM|Pro® HIPAA Compliance Software
In addition to the solutions listed here, we offer a full range of consulting services tailored to suit your needs. Contact our team today to discuss your requirements.
- Unsecured Database Exposed on Web – Then Deleted - August 12, 2020
- From Risk Analysis to Risk Response | How to respond to your identified cyber risks: September 23, 2020 | 11:00am–12:00pm CT - August 6, 2020
- Performing an Enterprise-Wide Risk Analysis in Changing Environments: September 16, 2020 | 11:00am–12:00pm CT - August 5, 2020