Clearwater Extends Healthcare Cyber Risk Management Leadership with AI-Driven Predictive Risk Rating, Peer-to-Peer Benchmarking and ServiceNow Integration Capabilities
Nashville, TN—Clearwater, the leading provider of Enterprise Cyber Risk Management and HIPAA Compliance solutions for the healthcare industry, announced today new innovations being introduced as part of the forthcoming 6.0 release of its flagship software product IRM|Analysis. Focused on helping customers more confidently and efficiently analyze cyber risk across their enterprise, the innovations further establish Clearwater as the go-to partner for healthcare organizations seeking to understand where their greatest risks lie and take action in addressing them.
Used by many of the nation’s largest health systems, major physician groups, leading health IT companies, and other business partners, IRM|Analysis has become the healthcare industry’s gold standard for performing a comprehensive, efficient, by-the-book risk analysis and managing risks on an ongoing basis since the first release of the product nearly ten years ago.
The new innovations, which draw upon the software’s vast pool of data, deliver even greater power and value to customers.
More Intelligent: AI-Driven and Community-Powered Predictive Risk Rating
A risk rating is a function of the likelihood of a threat exploiting an information technology (IT) asset vulnerability and the impact to the organization should the exploit be successful. Determining the likelihood and impact requires careful analysis of controls in place for that asset by an analyst, and it can be a time-consuming, subjective, and error-prone process.
IRM|Analysis employs built-in algorithms to:
- Determine potential vulnerability and threat scenarios that should be considered
- Automatically suggest which controls are recommended to mitigate threats exploiting vulnerabilities in these specific scenarios
- Provide a standard means to rate risk based on both the likelihood of an event (based on the controls in place or not in place) and the harm that would be caused (based on the importance of the information system or its data to that organization)
- Enable an organization to prioritize and report on risks across the enterprise in a consolidated or “drill down” manner through integrated reporting tools and dashboards
With the introduction of a new Predictive Risk Rating capability in IRM|Analysis, Clearwater is leveraging Artificial Intelligence (AI) and Machine Learning technology to tap into more than a million risk ratings generated by the company’s experts and its community of software users to help healthcare organizations more quickly and confidently analyze risk across the enterprise.
“In 2019, we advanced IRM|Analysis with our patented Component Expert System technology, providing customers with a more intelligent view into all of the processes, people, locations, and technology that can pose a data security risk to an information system.,” says Jon Stone, Clearwater’s Chief Product Officer and the lead architect behind IRM|Analysis. “Now we are making IRM|Analysis even more intelligent for customers by providing AI-driven predictive risk ratings that draw upon more than a million risks scenarios that have been analyzed within the software over time.
“The goal is to help healthcare organizations make better risk rating decisions and maximize limited resources by freeing up Risk Analysts and Managers to do higher order work in documenting the impacts of an analysis rather than getting bogged down in data preparation,” he added. “Risk rating recommendations can be automatically accepted or simply serve as guidance for the user.”
More Insightful: Peer-to-Peer Benchmarking
The new release of IRM|Analysis is also bringing more insight to customers in the form of new benchmarking capabilities that empower organizations to compare their performance across key risk analysis and risk management metrics to relevant peers. Peer-to-Peer Benchmarking includes comparative data such as:
- The percentage of risks greater than or equal to the defined threshold
- The top vulnerabilities associated with risks that are greater or equal to the threshold
- The percentage of controls that are missing or deficient for risks greater than or equal to the threshold
“One of the most common questions we are asked by customers is, how do our metrics compare to other organizations in the industry?” Stone says. “Delivered as part of the CyberIntelligence Dashboards in the software and available to all Platinum and Gold subscribers, customers can now get direct access to that insight.”
More Automated: Integration with ServiceNow IT Asset Management
Analyzing cyber risk begins with building a comprehensive IT asset inventory. Through integration with ServiceNow’s IT Asset Management solution, which a growing number of healthcare organizations use to maintain their asset inventory, IRM|Analysis enables users to address the first steps of the risk analysis process in a more rapid and automated manner.
“With limited resources and a rapidly evolving IT environment, developing an asset inventory to support a comprehensive risk analysis can be a challenge for organizations,” Stone says. “The integration we have developed between ServiceNow and IRM|Analysis brings automation to the process that will make it significantly easier and more efficient for our customers.”
These latest innovations build on the tradition of innovation and leadership that has helped Clearwater earn the #1 rating for Compliance and Risk Management solutions in Black Book Market Research’s annual healthcare industry survey the past four years in a row. The new capabilities will be available as part of the 6.0 release of the software, scheduled for deployment later this month.