Insights and Resources for Healthcare Organizations


As the leader in Healthcare Cyber Risk Management and HIPAA Compliance trusted by thousands of hospitals, health systems, medical device manufacturers, and health IT companies across the country, Clearwater is well equipped to assist organizations as they navigate new threats and vulnerabilities brought on by the COVID-19 outbreak. Below, our team of experts shares insight on the key security and privacy concerns facing healthcare organizations during this time of crisis. We also provide resources that may be helpful in assessing and managing the outbreak’s impact on your organization.

Clearwater Insights

Telehealth Insecurities
Telehealth Insecurity: Evaluating Emerging Threats and Risk Response
Telehealth Insecurity: Evaluating Emerging Threats and Risk Response The past few months have seen a marked increase in cybercrime activities aimed at exploiting the chaos...
Performing OCR-Quality Risk Analysis™ on New Systems and Processes
Performing OCR-Quality Risk Analysis™ on New Systems and Processes
Performing OCR-Quality Risk Analysis™ on New Systems and Processes In the wake of the COVID-19 pandemic, healthcare organizations have seen a large percentage of their...
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications By, Wes Morris, Managing Principal Consultant and Dawn Morgenstern, Senior Principal Consultant The Office for...
Blog-Posts-Jon-Moore-Telehealth
Identifying and Implementing Appropriate Security Controls in Your Telehealth Architecture
Identifying and Implementing Appropriate Security Controls in Your Telehealth Architecture The recently passed Coronavirus Aid, Relief and Economic Security (CARES) Act provides a $300 million...
A Limited Waiver of Sanctions for the HIPAA Privacy Rule
A Limited Waiver of Sanctions for the HIPAA Privacy Rule Does Not Mean Covered Entities Can Ignore Their Responsibilities
A Limited Waiver of Sanctions for the HIPAA Privacy Rule Does Not Mean Covered Entities Can Ignore Their Responsibilities Wes Morris, Managing Principal Consultant Dawn...
covid19-Blog Posts-bg
Clearwater COVID-19 Cybersecurity Advisory: Analyzing and Responding to Risks Resulting from Work- from-Home Environments
Clearwater COVID-19 Cybersecurity Advisory: Analyzing and Responding to Risks Resulting from Work- from-Home Environments Clearwater Customers can perform risk assessment using their existing IRM|Analysis™ software...
Securing Telehealth
Security Considerations for Deploying Telehealth and Remote Patient Monitoring Systems
Security Considerations for Deploying Telehealth and Remote Patient Monitoring Systems By  George W. Jackson, Jr., MBA, Ph.D., HCISPP, CISSP, CRISC, PMP In a time of...
Continuity and COVID-19
Continuity and COVID-19
Continuity and COVID-19 By Cathie Brown Vice President, Consulting Services Regardless of the news source of choice, information regarding the outbreak of COVID-19 is everywhere....

Clearwater Resources

Analyzing the Teleworking Security Concerns Driven By COVID-19 

With teleworking profoundly changing the way many organizations now conduct business, the Clearwater CyberIntelligence Institute® chose to analyze Security Controls found in its IRM|Analysis™ database that specifically safeguard remote devices and operations to determine which of these were most often found deficient.  

The results of these analyses are summarized based on Clearwater’s comprehensive method of evaluating administrative, technical and physical controls and presented in this new edition of the Clearwater CyberIntelligence Institute Insight Bulletin to help healthcare organizations reevaluate their susceptibility to the additional threats and vulnerabilities these new working conditions might present.   

Teleworking Systems Security Insight

To aid information security teams in managing the rapid transition to a remote workforce resulting from the COVID-19 outbreak, Clearwater is providing its customers and other healthcare providers with Teleworking Systems Security Insight. This complimentary offering includes a customizable survey tool and related consulting services to assist in discovering, analyzing, and integrating the administrative functions of new systems and services being used for telework within their organizations.

To minimize the burden on its customers, Clearwater will collect the data from pre-developed workforce member surveys that can be easily customized to align with the customer’s environment. Clearwater’s expert consultants will review the data, identify significant trends and risks, and deliver a report to the customer recommending applicable and appropriate security practices for the circumstances.

Virtual CISO Services

Clearwater can augment or fill your security and risk management staffing requirements with experienced professionals to help you combat cyberattacks and maintain a strong security posture. We have a deep team of experts who have served as Chief Information Security Officers in healthcare delivery organizations and have a strong understanding of the common information technology systems being used by providers and how the threat landscape is evolving in the wake of COVID-19.

Risk Analysis Software and Services for Assessing Remote Work Environments

While many organizations are accustomed to some of their employees working from home at times, the significant increase in the number of employees teleworking, the introduction of new devices and networks, the existence of non-authorized people at home (e.g. family members), and an upsurge in remote interactions with company information systems remotely, substantially increases the attack surface.

With expert consulting services and purpose-built software, Clearwater can help you perform or update your risk analysis to assess risks as a result of this change in your business process and information technology environment.

To learn more, view our on-demand webinar Performing OCR-Quality Risk Analysis in Expanding Telework and Telehealth Environments.

Technical Testing Services

Clearwater’s award-winning security experts can help you identify new weaknesses that could be exploited, conduct a series of authorized simulated attacks, and conduct a vulnerability and penetration test of your wireless network as well as other important assessments and tests. The service includes:

  • Internal and External Vulnerability Assessments
  • Penetration Testing
  • WLAN Security Testing
  • Web Applications Testing
  • Network Architectural Assessment
Business Impact Analysis

A key component of a strong continuity plan is knowing what business processes must continue in order to carry on the mission of the organization and what the impact is if a process cannot be performed. Clearwater’s Business Impact Analysis (BIA) provides that information in both a qualitative and quantitative means. The BIA exercise will also provide the basis for informed decision making as you continue to develop your response to COVID-19.

Watch our presentation on Analyzing Business Impact to Inform Crisis Decision Making reviewing the key components of a Business Impact Analysis and discussing how the process can be applied to assist your organization in managing continuity and risk during this time of crisis. Click here to watch.

If you have any questions about how your organization should respond in light of COVID-19 concerns, please submit them here. A member of our team will respond promptly to your inquiry.