Clearwater and CyberMDX Announce Partnership to Address Connected Medical Devices and IoT Equipment

Innovative Approach Establishes Blueprint for Medical Device Security Programs to Help Protect Patients from Cybersecurity Threats and Vulnerabilities.
NASHVILLE, Tenn.—(BUSINESS WIRE)—Clearwater and CyberMDX have entered into a partnership to simplify and automate the identification, inventorying, assessment and risk analysis of networked medical devices, using Clearwater’s IRM|ProTM—an Enterprise Cyber Risk Management Software—and CyberMDX’s MDefend—a visibility and cybersecurity solution, powered by an AI and DPI engine, coupled with Clearwater’s professional services.
The CyberMDX-Clearwater joint delivery model—being demonstrated this week at the H-ISAC Fall Summit in San Antonio, TX, Booth 46—creates the most comprehensive and robust enterprise cyber risk management solution available on the market at a time when growing internal and external security threats have made it increasingly difficult for healthcare organizations to protect their sensitive information, including patients’ personal health information (CHIME HealthCare’s Most Wired: National Trends 2018).
“One of the weakest links within clinical networks is also their most critical asset: their connected medical devices,” said CyberMDX Co-Founder and CEO Amir Magner. “Healthcare providers rely on connected medical devices for their clinical workflows and life-saving treatments, but unlike other IT assets, connected medical devices are extremely vulnerable and often poorly managed. Organizations struggle to do a true, enterprise, OCR-quality risk analysis—one that is an information assets-based risk analysis and that evaluates allePHI assets and the specific threats and vulnerabilities that are applicable to them.”
Clearwater CEO Steve Cagle said connected medical devices and other IoT integrated devices or equipment are not just a technology risk but a patient safety risk and a risk to business.
“The truth is, if you don’t know where your devices are, you can’t secure them, and until recently there weren’t good or efficient ways of getting that information,” Cagle said. “Until now, it’s also been difficult to categorize the different groups of like devices to make the risk analysis process more manageable. It’s a tremendous challenge for the industry, and we are pleased to partner with CyberMDX to deliver a best-in-class solution.”
With the CyberMDX-Clearwater joint delivery model, healthcare provider organizations can do in a few hours what has historically taken weeks or months to accomplish. CyberMDX’s unique technology identifies in real-time medical device profile information, which is used by Clearwater to identify like devices from a risk perspective. As a recent deployment for a large Integrated Delivery Network provider showed, the solution was able to condense about 30,000 connected medical devices into about 300 groups by putting them into appropriate classifications and groupings, allowing for a much more manageable risk analysis and ongoing identification, assessment, detection and automatic micro-segmentation of all medical and clinical assets.
Tailored to meet the demanding and unique cybersecurity and HIPAA compliance needs of clinical networks and protocols, CyberMDX’s solution provides an automatic and continuous discovery and profiling solution that is easily deployed, fully scalable and built for large distributed networks.
Clearwater’s IRM|Analysis™ software utilizes the resulting inventory and Clearwater’s proprietary algorithms to facilitate an OCR-Quality Security Risk Analysis on the medical devices, as well as to implement and document remediation actions. The result is a complete risk analysis and risk response solution that complies with HIPAA requirements and can be used to satisfy information request from the Office For Civil Rights (OCR).
“From everything we are seeing with our customers, medical devices are one of their weakest links in the security chain and their greatest concern,” Clearwater’s Cagle said. “In a recent webinar provided by Clearwater and CyberMDX fewer than 18% of attendees stated that they had a comprehensive medical device security program in place.
A compromise of medical devices can have devastating effects for a healthcare provider, including:
the shut down of hospital operations or key functions of a facility
risking patients’ lives by compromising the integrity of data
a back door into the network, resulting in significant data breach of ePHI
the control of devices in critical departments or patient care, e.g. neonatal units and infusion pumps
About CyberMDX
CyberMDX, a pioneer of medical cyber security, delivers zero touch visibility and threat prevention for medical devices and clinical assets. CyberMDX delivers a scalable, easy to deploy cyber security solution, providing unmatched visibility and protection of medical devices ensuring their operational continuity as well as patient and data safety. For more information, please visit us at www.cybermdx.com.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at clearwatercompliance.com.