Clearwater CyberIntelligence™ Institute Study Finds Laptops Still a Significant Data Security Risk for Hospitals and Health Systems

NASHVILLE, Tenn.—(BUSINESS WIRE)—Endpoint data loss, excessive user permissions, and dormant accounts make up 70 percent of all high and critical risk scenarios for laptop vulnerabilities at hospitals and health systems across the country, according to new findings released by the Clearwater CyberIntelligence Institute (CCI), which leverages insights from Clearwater’s proprietary database—the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates.
Despite efforts to make laptops more secure, the CCI study found they remain a Top 10 cybersecurity risk for hospitals and health systems. Upon further study, CCI found that the No. 1 vulnerability among laptops — endpoint data loss — remains so high because of continued deficiencies in these important controls:

  • 98.9 percent of laptops have deficiencies in locked down external ports (USB, CD, DVD, Firewire, etc.), which prevent users from exporting sensitive data to external storage media.
  • 63.3 percent of laptops have deficiencies of users storing data locally rather than accessing the organization’s programs and data via secure, virtual desktop software (such as Citrix Virtual Apps, Desktop or VMWare Horizon).
  • 52.7 percent have deficiencies in data loss prevention tools, which are designed to scan all communications traffic to keep sensitive data from being sent to unauthorized users.

“It may seem like a given, but the questions that hospitals and health systems need to be constantly considering are, do we know for certain that the security measures we have adopted for these things have been properly implemented,” said Clearwater’s Jon Stone, who leads CCI and serves as senior vice president for Product Innovation. “Further, do the risk ratings associated with these controls bring the right level of attention to these major risks?”
See the complete the findings and learn how to address these high-risk factors here.
About Clearwater CyberIntelligence™ Institute (CCI)
CCI harnesses the power of a database populated by healthcare organizations that contain millions of risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates to safeguard patient safety and private organizations against cyber threats. Launched in 2018, CCI was established as a response to the exponentially growing threat surface from the Internet of Things and the proliferation of attackers in healthcare. The data mining and informatics team at the CCI institute uses advanced analytics techniques to provide useful publications to identify common security weaknesses found in hospitals, health systems and other healthcare organizations. Hospital executives can direct their immediate attention to threats, vulnerabilities and control deficiencies identified by CCI and perhaps take immediate action to reduce their organization’s risk profile.
About Clearwater
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at clearwatercompliance.com.