Insights and Resources for Healthcare Organizations

As the leader in Healthcare Cyber Risk Management and HIPAA Compliance trusted by thousands of hospitals, health systems, medical device manufacturers, and health IT companies across the country, Clearwater is well equipped to assist organizations as they navigate new threats and vulnerabilities brought on by the COVID-19 outbreak. Below, our team of experts shares insight on the key security and privacy concerns facing healthcare organizations during this time of crisis. We also provide resources that may be helpful in assessing and managing the outbreak’s impact on your organization.

Clearwater Insights

How COVID-19 is Changing the Information Security Landscape
How COVID-19 is Changing the Information Security Landscape
Using Clearwater’s IRM|Analysis® Software to Perform an OCR-Quality Risk Analysis on Telehealth Systems
Using Clearwater’s IRM|Analysis® Software to Perform an OCR-Quality® Risk Analysis on Telehealth Systems
Telehealth Insecurities
Telehealth Insecurity: Evaluating Emerging Threats and Risk Response
Performing OCR-Quality Risk Analysis™ on New Systems and Processes
Performing OCR-Quality® Risk Analysis on New Systems and Processes
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications
Responding to OCR’s Notice of Enforcement Discretion for Telehealth Remote Communications
Identifying and Implementing Appropriate Security Controls in Your Telehealth Architecture
A Limited Waiver of Sanctions for the HIPAA Privacy Rule
A Limited Waiver of Sanctions for the HIPAA Privacy Rule Does Not Mean Covered Entities Can Ignore Their Responsibilities
covid19-Blog Posts-bg
Clearwater COVID-19 Cybersecurity Advisory: Analyzing and Responding to Risks Resulting from Work- from-Home Environments
Securing Telehealth
Security Considerations for Deploying Telehealth and Remote Patient Monitoring Systems
Continuity and COVID-19
Continuity and COVID-19

Clearwater Resources

COVID-19 After Action Assessment
While the COVID-19 crisis is far from over, now is an appropriate time for healthcare providers’ Information Technology and Security teams to assess the actions their organizations have taken to date. An After Action Assessment will not only inform your thinking about what needs to be done going forward, it also helps meet the requirements of the CMS Emergency Preparedness Rule and the HIPAA Security Rule as well Joint Commission Emergency Management standards.

Click here to learn more or access on our on-demand webinar on Conducting a COVID-19 After Action Assessment.
Analyzing the Teleworking Security Concerns Driven By COVID-19 

With teleworking profoundly changing the way many organizations now conduct business, the Clearwater CyberIntelligence Institute® chose to analyze Security Controls found in its IRM|Analysis™ database that specifically safeguard remote devices and operations to determine which of these were most often found deficient.  

The results of these analyses are summarized based on Clearwater’s comprehensive method of evaluating administrative, technical and physical controls and presented in this new edition of the Clearwater CyberIntelligence Institute Insight Bulletin to help healthcare organizations reevaluate their susceptibility to the additional threats and vulnerabilities these new working conditions might present.   

Teleworking Systems Security Insight

To aid information security teams in managing the rapid transition to a remote workforce resulting from the COVID-19 outbreak, Clearwater is providing its customers and other healthcare providers with Teleworking Systems Security Insight. This complimentary offering includes a customizable survey tool and related consulting services to assist in discovering, analyzing, and integrating the administrative functions of new systems and services being used for telework within their organizations.

To minimize the burden on its customers, Clearwater will collect the data from pre-developed workforce member surveys that can be easily customized to align with the customer’s environment. Clearwater’s expert consultants will review the data, identify significant trends and risks, and deliver a report to the customer recommending applicable and appropriate security practices for the circumstances.

Virtual CISO Services

Clearwater can augment or fill your security and risk management staffing requirements with experienced professionals to help you combat cyberattacks and maintain a strong security posture. We have a deep team of experts who have served as Chief Information Security Officers in healthcare delivery organizations and have a strong understanding of the common information technology systems being used by providers and how the threat landscape is evolving in the wake of COVID-19.

Risk Analysis Software and Services for Assessing Remote Work Environments

While many organizations are accustomed to some of their employees working from home at times, the significant increase in the number of employees teleworking, the introduction of new devices and networks, the existence of non-authorized people at home (e.g. family members), and an upsurge in remote interactions with company information systems remotely, substantially increases the attack surface.

With expert consulting services and purpose-built software, Clearwater can help you perform or update your risk analysis to assess risks as a result of this change in your business process and information technology environment.

To learn more, view our on-demand webinar Performing OCR-Quality Risk Analysis in Expanding Telework and Telehealth Environments.

Technical Testing Services

Clearwater’s award-winning security experts can help you identify new weaknesses that could be exploited, conduct a series of authorized simulated attacks, and conduct a vulnerability and penetration test of your wireless network as well as other important assessments and tests. The service includes:

  • Internal and External Vulnerability Assessments
  • Penetration Testing
  • WLAN Security Testing
  • Web Applications Testing
  • Network Architectural Assessment
Business Impact Analysis

A key component of a strong continuity plan is knowing what business processes must continue in order to carry on the mission of the organization and what the impact is if a process cannot be performed. Clearwater’s Business Impact Analysis (BIA) provides that information in both a qualitative and quantitative means. The BIA exercise will also provide the basis for informed decision making as you continue to develop your response to COVID-19.

Watch our presentation on Analyzing Business Impact to Inform Crisis Decision Making reviewing the key components of a Business Impact Analysis and discussing how the process can be applied to assist your organization in managing continuity and risk during this time of crisis. Click here to watch.

If you have any questions about how your organization should respond in light of COVID-19 concerns, please submit them here. A member of our team will respond promptly to your inquiry.