Insights and Resources for Healthcare Organizations
As the leader in Healthcare Cyber Risk Management and HIPAA Compliance trusted by thousands of hospitals, health systems, medical device manufacturers, and health IT companies across the country, Clearwater is well equipped to assist organizations as they navigate new threats and vulnerabilities brought on by the COVID-19 outbreak. Below, our team of experts shares insight on the key security and privacy concerns facing healthcare organizations during this time of crisis. We also provide resources that may be helpful in assessing and managing the outbreak’s impact on your organization.
Telehealth Insecurity: Evaluating Emerging Threats and Risk Response
Performing OCR-Quality Risk Analysis™ on New Systems and Processes
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications
Identifying and Implementing Appropriate Security Controls in Your Telehealth Architecture
A Limited Waiver of Sanctions for the HIPAA Privacy Rule Does Not Mean Covered Entities Can Ignore Their Responsibilities
Clearwater COVID-19 Cybersecurity Advisory: Analyzing and Responding to Risks Resulting from Work- from-Home Environments
Security Considerations for Deploying Telehealth and Remote Patient Monitoring Systems
With teleworking profoundly changing the way many organizations now conduct business, the Clearwater CyberIntelligence Institute® chose to analyze Security Controls found in its IRM|Analysis™ database that specifically safeguard remote devices and operations to determine which of these were most often found deficient.
The results of these analyses are summarized based on Clearwater’s comprehensive method of evaluating administrative, technical and physical controls and presented in this new edition of the Clearwater CyberIntelligence Institute Insight Bulletin to help healthcare organizations reevaluate their susceptibility to the additional threats and vulnerabilities these new working conditions might present.
To aid information security teams in managing the rapid transition to a remote workforce resulting from the COVID-19 outbreak, Clearwater is providing its customers and other healthcare providers with Teleworking Systems Security Insight. This complimentary offering includes a customizable survey tool and related consulting services to assist in discovering, analyzing, and integrating the administrative functions of new systems and services being used for telework within their organizations.
To minimize the burden on its customers, Clearwater will collect the data from pre-developed workforce member surveys that can be easily customized to align with the customer’s environment. Clearwater’s expert consultants will review the data, identify significant trends and risks, and deliver a report to the customer recommending applicable and appropriate security practices for the circumstances.
Clearwater can augment or fill your security and risk management staffing requirements with experienced professionals to help you combat cyberattacks and maintain a strong security posture. We have a deep team of experts who have served as Chief Information Security Officers in healthcare delivery organizations and have a strong understanding of the common information technology systems being used by providers and how the threat landscape is evolving in the wake of COVID-19.
While many organizations are accustomed to some of their employees working from home at times, the significant increase in the number of employees teleworking, the introduction of new devices and networks, the existence of non-authorized people at home (e.g. family members), and an upsurge in remote interactions with company information systems remotely, substantially increases the attack surface.
With expert consulting services and purpose-built software, Clearwater can help you perform or update your risk analysis to assess risks as a result of this change in your business process and information technology environment.
To learn more, view our on-demand webinar Performing OCR-Quality Risk Analysis in Expanding Telework and Telehealth Environments.
Clearwater’s award-winning security experts can help you identify new weaknesses that could be exploited, conduct a series of authorized simulated attacks, and conduct a vulnerability and penetration test of your wireless network as well as other important assessments and tests. The service includes:
- Internal and External Vulnerability Assessments
- Penetration Testing
- WLAN Security Testing
- Web Applications Testing
- Network Architectural Assessment
A key component of a strong continuity plan is knowing what business processes must continue in order to carry on the mission of the organization and what the impact is if a process cannot be performed. Clearwater’s Business Impact Analysis (BIA) provides that information in both a qualitative and quantitative means. The BIA exercise will also provide the basis for informed decision making as you continue to develop your response to COVID-19.
- AEHIS: Information Technology Considerations for a Disease Outbreak
- Long-Term Care Nursing Homes Telehealth and Telemedicine Tool Kit
- Faster, Better Together: Health System Lessons Learned in Tackling COVID-19
- Four ways to mitigate COVID-19 cyber risks
- FAQs on Telehealth and HIPAA during the COVID-19 nationwide public health emergency
- Is That PC Safe? – How to Quickly Deploy New PCs to Support Your COVD-19 Telework and Telehealth Efforts
- General Provider Telehealth and Telemedicine Tool Kit
- Management Checklist for Teleworking Surge
- AHA Market Intelligence: Telehealth and Virtual Care Best Practices
- Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency
HHS OCR COVID-19 Resources
- OCR Issues Guidance to Help Ensure First Responders and Others Receive Protected Health Information about Individuals Exposed to COVID-19
- HHS Coronavirus Disease 2019 (COVID-19) Updates
- Cyber Attack Quick Response Checklist
- COVID-19 Email Phishing Against U.S. Healthcare Providers
- Online Extortion Scams Increasing During The Covid-19 Crisis
- Selecting and Safely Using Collaboration Services for Telework
- COVID-19 VTC Exploitation
- COVID-19 Cyber Threats
- OCR’s Cyber Security Guidance Material
- Additional information related to HIPAA and COVID-19
OCR Update on HIPAA and COVID-19
The HHS Office for Civil Rights (OCR) hosted a webinar on April 24, 2020, for health IT stakeholders on HIPAA privacy and security issues related to COVID-19 and recent OCR actions related to the pandemic.