Clearwater CyberIntelligence Institute®

Clearwater delivers cyber risk management solutions to hundreds of healthcare delivery organizations and their partners. The enormous data set of cyber risk information stored in our IRM|Analysis™ database enables us to capture deep insights surrounding current cyber threats and identify trends that will help inform and prepare organizations to Manage Cyber Risk Right.

Clearwater’s IRM|Analysis™ software facilitates and strengthens an organization’s cyber risk management program by providing an automated, scalable process for assessing, remediating and monitoring the security risks to the organization’s critical business systems and sensitive data while maintaining the evidence necessary for an audit or investigation. The Clearwater CyberIntelligence Institute®, using its advanced analytics and data mining capabilities, has discovered significant patterns in our database, which has been populated by organizations over the last six years and contains millions of data risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates.

The Problem with Passwords

Passwords are often one of the weakest links in security in any industry, but they are particularly problematic in healthcare. When a system has known authentication weaknesses, they can be used by Malicious Insiders or System Crackers to gain unauthorized access to sensitive data or potentially control access by others to that system.

To determine the root causes for these weaknesses, Clearwater's CyberIntelligence Institute has analyzed specific authentication-related vulnerabilities in the IRM|Analysis database and compiled data-driven insights in a new bulletin you can access here.



Analyzing Careless Users, An Often Overlooked Threat

Many have written about how to mitigate the risks posed by malicious insiders. But what about the vulnerabilities associated with Careless Users? What actions can healthcare organizations take to better prevent a breach caused by internal negligence?

The Clearwater CyberIntelligence® Institute analyzed the Critical and High risks found in Clearwater’s IRM|Analysis™ database, specifically focusing on the Careless User threat source. The results of these analyses are summarized based on Clearwater’s comprehensive method of evaluating administrative, technical and physical vulnerabilities and presented in this edition of the Clearwater CyberIntelligence Institute Insight Bulletin to help healthcare organizations understand the vulnerabilities and weaknesses caused by Careless Users and the security measures that should be taken to defend against them.


Highest Level of Security Weaknesses in Hospitals and Health Systems Uncovered

More than half (54%)* of all individuals affected by a healthcare information breach in the past twelve months were impacted by a breach that touched the affected organization’s server, according to data provided on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. According to the data, ninety (90) healthcare breaches, affecting more than nine million individuals, were related to servers in some way.




Most Common Security Weaknesses Found In Hospitals & Health Systems

Hospital Executives might direct their immediate attention to these top vulnerabilities and, perhaps, take immediate action to reduce their organization’s risk profile. We analyzed high and critical risks facing hospitals and health systems found in our database and summarized them based on Clearwater’s comprehensive method of evaluating administrative, technical and physical vulnerabilities. Based on this analysis, we discovered the three most common critical and high security risks found during a HIPAA Risk Analysis using our software were:

  • User Authentication Deficiencies
  • Endpoint Leakage
  • Excessive User Permissions

Common Security Weaknesses Found In Laptops For Hospitals & Health Systems

Laptops quickly come to mind when security leaders think about potential vulnerabilities for their organization. They are highly portable, can be accessed remotely, and are at high risk for theft. CCI™ analyzed high and critical risks facing hospitals and health systems found in our database and summarized them based on Clearwater’s comprehensive method of evaluating administrative, technical, and physical vulnerabilities. Based on this analysis, we discovered that laptops, because of their vulnerabilities, rank 6th among sources of risk.

Let’s explore the top vulnerabilities putting laptop data at risk for hospitals and health systems:

  • Endpoint Data Loss
  • Excessive User Permissions
  • Dormant Accounts

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro® platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017, 2018, and 2019 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. 

How We Help Privacy and Security Professionals


Rely on our award-winning software to guide you through an effective cyber risk management process based on OCR guidelines and the NIST Cybersecurity Framework.


Years of direct front-line, real-world experience guarantee that our experts are a wise choice to help you implement all aspects of an effective HIPAA compliance program.


Strengthen your knowledge with our range of in-person and online educational opportunities. Create your own learning journey.