Category: news

NASHVILLE, Tenn.—(BUSINESS WIRE)—Endpoint data loss, excessive user permissions, and dormant accounts make up 70 percent of all high and critical risk scenarios for laptop vulnerabilities at hospitals and health systems across the country, according to new findings released by the Clearwater CyberIntelligence Institute (CCI), which leverages insights from Clearwater’s proprietary database—the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates.
Despite efforts to make laptops more secure, the CCI study found they remain a Top 10 cybersecurity risk for hospitals and health systems. Upon further study, CCI found that the No. 1 vulnerability among laptops — endpoint data loss — remains so high because of continued deficiencies in these important controls:

• 98.9 percent of laptops have deficiencies in locked down external ports (USB, CD, DVD, Firewire, etc.), which prevent users from exporting sensitive data to external storage media.
• 63.3 percent of laptops have deficiencies of users storing data locally rather than accessing the organization’s programs and data via secure, virtual desktop software (such as Citrix Virtual Apps, Desktop or VMWare Horizon).
• 52.7 percent have deficiencies in data loss prevention tools, which are designed to scan all communications traffic to keep sensitive data from being sent to unauthorized users.

“It may seem like a given, but the questions that hospitals and health systems need to be constantly considering are, do we know for certain that the security measures we have adopted for these things have been properly implemented,” said Clearwater’s Jon Stone, who leads CCI and serves as senior vice president for Product Innovation. “Further, do the risk ratings associated with these controls bring the right level of attention to these major risks?”
See the complete the findings and learn how to address these high-risk factors here.
About Clearwater CyberIntelligence™ Institute (CCI)
CCI harnesses the power of a database populated by healthcare organizations that contain millions of risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates to safeguard patient safety and private organizations against cyber threats. Launched in 2018, CCI was established as a response to the exponentially growing threat surface from the Internet of Things and the proliferation of attackers in healthcare. The data mining and informatics team at the CCI institute uses advanced analytics techniques to provide useful publications to identify common security weaknesses found in hospitals, health systems and other healthcare organizations. Hospital executives can direct their immediate attention to threats, vulnerabilities and control deficiencies identified by CCI and perhaps take immediate action to reduce their organization’s risk profile.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at clearwatercompliance.com.

NASHVILLE, Tenn.—(BUSINESS WIRE)—Clearwater and Digital Reasoning today announced a strategic three-year Cyber Risk Services partnership enabling healthcare providers to realize the results of artificial intelligence (AI) powered solutions supported by a proven and trusted cybersecurity and HIPAA compliance program.
Experts predict AI will dramatically impact the “Triple Aim” – cost, quality and patient experience – by creating value from patient data. With Patient Health Information (PHI) at the heart of that work, healthcare AI necessitates the highest standards in cybersecurity to ensure patient and provider confidence in their data safeguards.
As Clearwater supports many technology companies entering healthcare, such as Uber Health, the company’s work with Digital Reasoning couples its IRM|Pro™ Cyber Risk Management SaaS platform with professional service expertise to deliver an OCR-Quality Risk Analysis™. Clearwater’s Cyber Risk Services will support enablement of administrative, technical and physical safeguards combined with workforce training, policies and procedures.
“We are honored to earn the trust and confidence of Digital Reasoning and to join them in enabling this strategically important evolution in healthcare,” said Steve Cagle, Clearwater CEO. “Healthcare presents an important growth opportunity, and we are excited to support Digital Reasoning as they bring their proven AI technologies to the industry and to the benefit of millions of patients.”
With increasing pressure on health systems to create value from the digitization of medical records and build consumer-centric solutions comes increased necessity to ensure PHI is handled with the highest care and security.
“Clearwater’s deep experience with leading health systems and its ability to deliver the gold standard in cybersecurity beyond simply HIPAA compliance makes this a strong partnership that will benefit our current and future healthcare clients,” said Digital Reasoning CEO Brett Jackson. “AI and machine learning empowers solutions to extract value from healthcare organizations’ data. That only happens with the highest cybersecurity standards. Only together can we deliver on the promise of AI – augmenting doctors, nurses and the whole care team to enhance their most important work: caring for patients.”
Digital Reasoning, recognized by PitchBook in 2018 as Tennessee’s most valuable startup, began the healthcare journey by entering into a strategic partnership with HCA Healthcare to unlock valuable insights captured within both unstructured and structured data in clinical records. This partnership yielded proven, market-validated solutions that will now be available to all healthcare providers. Last year, the company announced a new, $30 million round of funding that included previous investor HCA.
About Digital Reasoning
Digital Reasoning builds software that understands human communication, context and meaning to create value at enterprise scale. In health care, Digital Reasoning deploys AI-powered care management software within health systems to augment the care team and accelerate the entire care process, delivering a positive impact on clinical, financial and operational outcomes. For more information about Digital Reasoning visit www.digitalreasoning.com/healthcare.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at www.clearwatercompliance.com.

Montreal, Canada—Chemical Computing Group (CCG) and the American Chemical Society’s (ACS) Division of Computers in Chemistry (COMP) congratulate the winners of the COMP CCG Research Excellence Awards for the Spring 2019 ACS National Meeting in Orlando, FL.
The award winners’ research will be recognized at the COMP Division Poster Session on Tuesday, April 2nd, 2019. Each winner will receive an award certificate, a one-year MOE (Molecular Operating Environment) software license for the winners’ research group, as well as financial support to cover their travel costs to Orlando.
The winners are:
Vinicius Cruzeiro, University of Florida, group of Adrian E. Roitberg
Ryan DeFever, Clemson University, group of Sapna Sarupria
Hongxia Hao, Brown University, group of Brenda M. Rubenstein
Joonho Lee, University of California, Berkeley, group of Martin P. Head-Gordon
Fang-Yu Lin, University of Maryland, group of Alexander D. MacKerell
About COMP CCG Research Excellence Awards
The COMP CCG Research Excellence Awards recognize and encourage exceptional research conducted by graduate students in the field of computational chemistry. For more information about the CCG Excellence Awards, please visit: www.chemcomp.com/research-academic.htm
About Chemical Computing Group
CCG (Chemical Computing Group) is a leading supplier of software solutions for life sciences. With a proven track record in scientific innovation, CCG continues to provide state-of-the-art applications in drug discovery to pharmaceutical, biotechnology and academic researchers. CCG’s software platform is the Molecular Operating Environment (MOE) which is used by computational chemists, medicinal chemists and biologists in the major pharmaceutical and biotechnology companies throughout the world. CCG has a very strong reputation for collaborative scientific support, maintaining support offices in both Europe and North America. Founded in 1994, CCG is headquartered in Montreal, Canada. For more information visit: www.chemcomp.com

New York, NY: Altaris Capital Partners, LLC announces an investment in Community Pharmacy Partners (“CPP”).
CPP operates pharmacies in Texas, Arizona and Virginia that are focused on providing patients with safe and efficacious alternatives to prescription opioids for pain management. Altaris has partnered with the founders of CPP and its management team as part of a recapitalization transaction to support the company’s growth plans.
CPP is headquartered in Dallas, TX.For more information on CPP, visit www.communityrxp.com.

NASHVILLE, Tenn.—(BUSINESS WIRE)—The three most critical and common high-security cyber risks facing healthcare delivery organizations and their partners have been uncovered in a first-of-its-kind analysis by the Clearwater CyberIntelligence™ Institute (CCI). CCI was formed earlier this year to leverage insights from Clearwater’s proprietary database created by IRM|Analysis™. The database, containing millions of risk records accumulated during the completion of comprehensive, NIST-based risk analyses for hundreds of Clearwater customers over the last six years, is the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates.
At the top of the patient data breach vulnerability list is User Authentication Deficiencies, followed by Endpoint Leakage and Excessive User Permissions, the CCI analysis revealed. Together, the top three areas of vulnerability account for nearly 37 percent of all critical risk scenarios.
“Hospital executives should direct their immediate attention to these three top vulnerabilities and consider action to reduce their organization’s risk profile,” said Clearwater’s Jon Stone, who leads CCI and serves as senior vice president for Product Innovation. “It is critically important that hospitals and health systems evaluate their organization’s information systems to determine their specific risk ratings on these three critical vulnerabilities and take the necessary steps to close any gaps.”
For context, User Authentication Deficiencies are weaknesses in the process used by an organization to uniquely identify and verify a user. Examples of deficiencies include such things as use of generic User IDs and/or passwords, posting user passwords on monitors or under keyboards, and emailing user credentials unencrypted over external networks. Some of the most common technology associated with these gaps include servers and SaaS (Software-as-a-Service) solutions. Complete findings can be found in the first edition of the Clearwater CyberIntelligence Insight Bulletin.
CCI was established earlier this year as a response to the exponentially growing threat surface from the Internet of Things (IoT) and the proliferation of attackers in healthcare. The data mining and informatics team at the Institute uses advanced analytics techniques to identify common security weaknesses found in hospitals, health systems and other healthcare organizations and provide actionable steps they can take to better protect themselves and their patient data from cyber attack. CCI leverages the enormous data set of cyber risk information stored in its proprietary IRM|Analysis™ database, which was built over the last six years from millions of risk records collected from hundreds of hospitals, Integrated Delivery Networks (IDNs) and business associates while completing comprehensive, NIST-based cybersecurity Risk Analyses.
“IRM|Analysis has become the industry’s gold standard for performing an OCR-Quality Risk Analysis, and with so many hospitals now using the software, we are accumulating an enormous amount of data,” noted Steve Cagle, CEO of Clearwater. “Clearwater will continue to leverage this data to provide insights and best practices to its Customers, as we continue to build upon reputation of thought leadership in risk analysis and cyber risk management.”
About Clearwater CyberIntelligence™ Institute (CCI)
CCI harnesses the power of a database populated by healthcare organizations that contain millions of risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates to safeguard patient safety and private organizations against cyber threats. Launched in 2018, CCI was established as a response to the exponentially growing threat surface from the Internet of Things and the proliferation of attackers in healthcare. The data mining and informatics team at the CCI institute uses advanced analytics techniques to provide useful publications to identify common security weaknesses found in hospitals, health systems and other healthcare organizations. Hospital executives can direct their immediate attention to threats, vulnerabilities and control deficiencies identified by CCI and perhaps take immediate action to reduce their organization’s risk profile.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at www.clearwatercompliance.com.

Franklin, Ind.—G&H Orthodontics, a leading provider of clinical solutions for the orthodontic community, today announced the appointment of John Voskuil as Chief Executive Officer.
Mr. Voskuil joins G&H with more than 20 years of experience delivering solutions to patients and doctors in the dental and orthodontics industry. Prior to G&H, Mr. Voskuil held a number of senior leadership positions at Dentsply Sirona and earned a Bachelor of Science in Industrial Technology Management from the University of Wisconsin – Platteville and an MBA from Northern Illinois University.
“I am thrilled to join the G&H Orthodontics team and continue the company’s strong history of providing industry leading quality and value to its customers and partners around the world,” said Mr. Voskuil. “With its globally recognized brand and world–class product portfolio, G&H is well positioned to meet the evolving needs of its customers and ensure high quality outcomes for patients. I am excited about the opportunities ahead to serve our customers and accelerate growth.”
Jim O’Brien, G&H board member and Managing Director at Altaris Capital Partners, LLC, added, “We are excited to partner with John as he leads G&H through its next phase of growth, delivering high quality orthodontic solutions to doctors and patients around the world.”
About G&H Orthodontics
G&H Orthodontics, Inc. is a leading provider of clinical solutions for the orthodontic community serving customers for over 40 years in over 90 countries. G&H® is the manufacturer of a full line made in the U.S.A. including brackets, bands, tubes, wires, springs, elastomerics, and other orthodontic supplies. G&H is compliant with the U.S. FDA, ISO 13485:2003, Medical Device Directives, 93/42 EEC and Canadian Medical Device Guidelines, which ensures availability of products worldwide. G&H Orthodontics is a privately held company headquartered in Franklin, Indiana.

Innovative Approach Establishes Blueprint for Medical Device Security Programs to Help Protect Patients from Cybersecurity Threats and Vulnerabilities.
NASHVILLE, Tenn.—(BUSINESS WIRE)—Clearwater and CyberMDX have entered into a partnership to simplify and automate the identification, inventorying, assessment and risk analysis of networked medical devices, using Clearwater’s IRM|ProTM—an Enterprise Cyber Risk Management Software—and CyberMDX’s MDefend—a visibility and cybersecurity solution, powered by an AI and DPI engine, coupled with Clearwater’s professional services.
The CyberMDX-Clearwater joint delivery model—being demonstrated this week at the H-ISAC Fall Summit in San Antonio, TX, Booth 46—creates the most comprehensive and robust enterprise cyber risk management solution available on the market at a time when growing internal and external security threats have made it increasingly difficult for healthcare organizations to protect their sensitive information, including patients’ personal health information (CHIME HealthCare’s Most Wired: National Trends 2018).
“One of the weakest links within clinical networks is also their most critical asset: their connected medical devices,” said CyberMDX Co-Founder and CEO Amir Magner. “Healthcare providers rely on connected medical devices for their clinical workflows and life-saving treatments, but unlike other IT assets, connected medical devices are extremely vulnerable and often poorly managed. Organizations struggle to do a true, enterprise, OCR-quality risk analysis—one that is an information assets-based risk analysis and that evaluates allePHI assets and the specific threats and vulnerabilities that are applicable to them.”
Clearwater CEO Steve Cagle said connected medical devices and other IoT integrated devices or equipment are not just a technology risk but a patient safety risk and a risk to business.
“The truth is, if you don’t know where your devices are, you can’t secure them, and until recently there weren’t good or efficient ways of getting that information,” Cagle said. “Until now, it’s also been difficult to categorize the different groups of like devices to make the risk analysis process more manageable. It’s a tremendous challenge for the industry, and we are pleased to partner with CyberMDX to deliver a best-in-class solution.”
With the CyberMDX-Clearwater joint delivery model, healthcare provider organizations can do in a few hours what has historically taken weeks or months to accomplish. CyberMDX’s unique technology identifies in real-time medical device profile information, which is used by Clearwater to identify like devices from a risk perspective. As a recent deployment for a large Integrated Delivery Network provider showed, the solution was able to condense about 30,000 connected medical devices into about 300 groups by putting them into appropriate classifications and groupings, allowing for a much more manageable risk analysis and ongoing identification, assessment, detection and automatic micro-segmentation of all medical and clinical assets.
Tailored to meet the demanding and unique cybersecurity and HIPAA compliance needs of clinical networks and protocols, CyberMDX’s solution provides an automatic and continuous discovery and profiling solution that is easily deployed, fully scalable and built for large distributed networks.
Clearwater’s IRM|Analysis™ software utilizes the resulting inventory and Clearwater’s proprietary algorithms to facilitate an OCR-Quality Security Risk Analysis on the medical devices, as well as to implement and document remediation actions. The result is a complete risk analysis and risk response solution that complies with HIPAA requirements and can be used to satisfy information request from the Office For Civil Rights (OCR).
“From everything we are seeing with our customers, medical devices are one of their weakest links in the security chain and their greatest concern,” Clearwater’s Cagle said. “In a recent webinar provided by Clearwater and CyberMDX fewer than 18% of attendees stated that they had a comprehensive medical device security program in place.
A compromise of medical devices can have devastating effects for a healthcare provider, including:
the shut down of hospital operations or key functions of a facility
risking patients’ lives by compromising the integrity of data
a back door into the network, resulting in significant data breach of ePHI
the control of devices in critical departments or patient care, e.g. neonatal units and infusion pumps
About CyberMDX
CyberMDX, a pioneer of medical cyber security, delivers zero touch visibility and threat prevention for medical devices and clinical assets. CyberMDX delivers a scalable, easy to deploy cyber security solution, providing unmatched visibility and protection of medical devices ensuring their operational continuity as well as patient and data safety. For more information, please visit us at www.cybermdx.com.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at clearwatercompliance.com.

When urologist Eric Giesler, MD opted to use the Endocare^® Cryocare^® cryotherapy system to treat his patients’ prostate cancer, he had two vendor choices “and this, in my opinion, is the better one.”
Also better: the technologist support he gets when he uses the system to treat about 30 patients annually at four Austin-area hospitals.
“HealthTronics technologists are pretty important,” said Dr. Giesler, a Urology Austin general provider with a focus on urologic oncology. “They’re looking out for any potential missteps. If you forget something, they’re invaluable as a secondary check.”
A technologist shows up at the hospital with the cryotherapy system under arrangements Dr. Giesler has with HealthTronics. It’s a helpful, extra convenience to go along with Endocare^® cryotherapy’s “versatile technology that allows you to treat prostate cancer very precisely,” Dr. Geisler said.
He has built a proven record of success utilizing the system since 2014 – to the point where colleagues in the 42-provider Urology Austin group regularly refer their patients to him for “freezing” prostate tumors. The process is natural, nontoxic and low-impact for high-risk and weaker patients not suited for surgery or radiation therapy.
It also can be used for “salvage cryotherapy,” which is effective in the 20-30 percent of patients where radiation is ineffective. This Endocare^® system also is being used more commonly for interventional oncology treatment of cancer cells in lungs and kidneys, as well as on liver metastases and in palliative interventions (including managing pain from metastatic cancer).

CHIME HealthCare’s 2018 Most Wired Survey Cites Profound Need for Foundational Security and Disaster Recovery Measures.
SAN DIEGO & NASHVILLE, Tenn.—(BUSINESS WIRE)—In the wake of a record-breaking $16 million data breach settlement earlier this month that put insurers and provides alike on notice that ignoring cybersecurity risks could come with a hefty price tag, a new national survey of U.S. health systems finds that only 29 percent report having a comprehensive cybersecurity program in place.
“Due to a growing number of internal and external security threats, it has become increasingly more difficult for healthcare organizations to protect their sensitive information, including patients’ personal health information,” according to CHIME HealthCare’s Most Wired: National Trends 2018 report issued today during the annual CHIME Fall CIO Forum in San Diego. Clearwater, a CHIME member and top-ranked healthcare cyber risk management solutions company, was a sponsor of the research for a second year.
Clearwater Chief Trust & Security Officer Richard Staynings said the findings from this year’s Most Wired research should be a wake-up call for health system leadership especially as healthcare becomes increasingly digital (the overall Internet of Medical Things, or IoMT, market is expected to grow from $41 billion in 2017 to $158 billion by 2022, Deloitte, July 2018).
“The question every board of directors and executive leadership team should be asking themselves is, have we done a sufficient risk analysis, and if not, why not?” said Staynings. “In our own analysis of the past 57 OCR settlements involving a breach of electronic protected health information, in 88 percent of the cases, the healthcare organization failed to do a sufficient risk analysis. That’s pretty mind boggling.”
The Anthem data breach, affecting nearly 79 million people, is the largest ever reported, and statistics show healthcare breaches are on the rise, with 277 breaches through the first nine months of 2018, compared with 271 during the same period the year before. Most breaches stemmed from hacking or “IT incidents,” according to the HHS Office of Civil Rights (OCR), which enforces Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules. Breaches currently under investigation can be found here. Regulators also noted that Anthem failed to take several basic security steps, including conducting an enterprise-wide security risk assessment on all assets involved with PHI, including assets thought to be “out of scope.”
While Most Wired found most respondents have taken at least one step toward an incident-response plan (97 percent said they have a documented EHR-outage prodecure, for example), only 29 percent reported having a comprehensive cybersecurity program in place, just 26 percent surveyed said they had adopted all 10 critical components of an incident response plan, while 43 percent had adopted 7-9 components, and 31 percent reported adoption of fewer than seven.
“Before provider organizations can achieve outcomes with their strategies for population health management, value-based care, patient engagement, and telehealth, they must first ensure that foundational pieces such as integration, interoperability, security, and disaster recovery are in place,” the CHIME report concluded.
The annual Most Wired survey is designed to identify and recognize healthcare organizations that exemplify best practices through their adoption, implementation and use of information technology. This is CHIME’s first year to oversee the Most Wired program since acquiring it from the American Hospital Association. Participation is open to all CIOs and qualified health organizations.
This year’s research added a new emphasis on measuring key areas to help identify gaps in healthcare organizations’ technology adoption and strategies and to highlight areas in which the industry has opportunities to make progress. The key areas that emerged from this year’s research were:

• Foundational Technologies:
• Integration and Interoperability
• Security and Disaster Recovery
• Transformational Technologies:
• Population Health Management and Value-Based Care
• Patient Engagement and Telehealth

Clearwater has long been a leader in cyber risk management solutions, and its founder and executive chairman, Bob Chaput, is known as an industry trailblazer. He recently authored a chapter titled “Compliance Risk Management and Cyber Risk Management” in the Wolters Kluwer 2019 Health Law and Compliance Update, now in its 16th year. The publication features national experts who address key developments in healthcare delivery, payment, and compliance.
Chaput’s chapter includes practical advice and analytical tools for use in organizational compliance and cyber risk management programs in addition to a timely and thorough analysis.
The chapter includes topics such as:

• What constitutes an OCR-quality risk analysis
• Jump-starting an effective cyber risk management program
• The consequences of an inadequate risk analysis
• Critical building blocks for a comprehensive, enterprise-wide information risk management program
• Three pillars of HIPAA compliance
• Governance
• Most common risk analysis mistakes
• A case study: St. Joseph Health

The chapter addresses the misconception that compliance risk management and cyber risk management are synonymous. Chaput explains the differences between the two, and gives healthcare organizations the information they need to evaluate where gaps may exist in their compliance and cyber risk management programs. The chapter focuses on what is involved in a comprehensive risk analysis, and offers actionable steps an organization can take to move toward a comprehensive information risk management program.
“Compliance risk management is a critical component of any healthcare organization’s overall risk management program,” said Chaput. “Yet, compliance is only one part of a much bigger information risk management picture. Cyber risk management takes a more complete look at an organization’s information assets, threats and vulnerabilities than compliance risk management does.”
The 2019 Edition of the book can be purchased from Wolters Kluwer: lrus.wolterskluwer.com
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at www.clearwatercompliance.com.
Contacts
Clearwater
Kriste Goad, 615-440-9049
kriste@growwithfuoco.com

Holistic Solution Enables Healthcare Providers to Address Security Risks of Biomedical Devices and Elevate HIPAA Compliance through Unique Technology.
NASHVILLE, Tenn.—(BUSINESS WIRE)—Clearwater, a top-ranked healthcare cyber risk management solutions company, announced today that it will offer healthcare delivery organizations the most comprehensive solution available for improving the security of biomedical devices connected to their networks. Much more than just a traditional vulnerability assessment, Clearwater strengthens its end-to-end, enterprise approach to reducing risks, by automatically identifying, assessing, and managing risk of all wired as well as wireless medical devices.
Clearwater offers comprehensive medical device cybersecurity and risk management solution
Tweet this
Clearwater’s medical device security solution adds a new dimension to traditional vulnerability assessment by enabling technology to discover and inventory medical devices, identify which devices have electronic protected health information (ePHI), assess their vulnerabilities, interpret active threats, and provide actionable insights for reducing risk. Clearwater’s IRM|Analysis™ software utilizes the resulting inventory and Clearwater’s proprietary algorithms to facilitate an OCR-Quality Security Risk Analysis on the medical devices, as well as to implement and document remediation actions. The result is a complete risk analysis and risk response solution that complies with HIPAA requirements.
Security of medical devices is of great concern to healthcare providers, as unauthorized access to a biomedical device may not only threaten confidentiality of ePHI, but also has the potential of compromising availability of service and integrity of data that might be critical to patient care. Awareness of these concerns is growing. As recently as August of this year, Homeland Security issued alerts for some Phillips medical devices, and last year the FDA issued a recall of 465,000 pacemakers from another manufacturer to patch security holes.
“Understanding risks associated with medical devices has proven challenging for hospitals,” said Steve Cagle, CEO of Clearwater. “Many do not have the tools or processes in place to find and profile them. As a result, healthcare providers are not assessing vulnerabilities, performing risk analysis, or taking appropriate steps to reduce risks to these devices to acceptable levels. Clearwater’s solution addresses these challenges by creating a comprehensive process of discovering devices and performing both a technical evaluation and a security risk analysis. This solution also delivers specific actions that can be taken to improve security. With our solution in place, hospitals will be able to more efficiently and effectively prioritize where they should focus their security efforts.”
In addition to retaining Clearwater to create or improve their programs, customers can opt to engage Clearwater on an ongoing basis to monitor device activity, vulnerabilities, and threats, and make recommendations for remediation. This enables hospitals to implement an ongoing, continuous process to managing device security without the need to refocus internal resources.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, and the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions. Its solutions are exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at www.clearwatercompliance.com.
Contacts
Clearwater
Kelly Motley, 615-483-0365
Kelly.Motley@Clearwatercompliance.com