Top Three Most Common Health System Patient Data Security Weaknesses Revealed by Clearwater CyberIntelligence™ Institute
NASHVILLE, Tenn.—(BUSINESS WIRE)—The three most critical and common high-security cyber risks facing healthcare delivery organizations and their partners have been uncovered in a first-of-its-kind analysis by the Clearwater CyberIntelligence™ Institute (CCI). CCI was formed earlier this year to leverage insights from Clearwater’s proprietary database created by IRM|Analysis™. The database, containing millions of risk records accumulated during the completion of comprehensive, NIST-based risk analyses for hundreds of Clearwater customers over the last six years, is the industry’s largest and most complete database focused exclusively on the unique cybersecurity risk profiles of hospitals, Integrated Delivery Networks (IDNs) and business associates.
At the top of the patient data breach vulnerability list is User Authentication Deficiencies, followed by Endpoint Leakage and Excessive User Permissions, the CCI analysis revealed. Together, the top three areas of vulnerability account for nearly 37 percent of all critical risk scenarios.
“Hospital executives should direct their immediate attention to these three top vulnerabilities and consider action to reduce their organization’s risk profile,” said Clearwater’s Jon Stone, who leads CCI and serves as senior vice president for Product Innovation. “It is critically important that hospitals and health systems evaluate their organization’s information systems to determine their specific risk ratings on these three critical vulnerabilities and take the necessary steps to close any gaps.”
For context, User Authentication Deficiencies are weaknesses in the process used by an organization to uniquely identify and verify a user. Examples of deficiencies include the use of generic User IDs and/or passwords, posting user passwords on monitors or under keyboards, and emailing user credentials unencrypted over external networks. Some of the most common technologies associated with these gaps include servers and SaaS (Software-as-a-Service) solutions. Complete findings can be found in the first edition of the Clearwater CyberIntelligence Insight Bulletin.
CCI was established earlier this year as a response to the exponentially growing threat surface from the Internet of Things (IoT) and the proliferation of attackers in healthcare. The data mining and informatics team at the Institute uses advanced analytics techniques to identify common security weaknesses found in hospitals, health systems and other healthcare organizations and provide actionable steps they can take to better protect themselves and their patient data from cyber attack. CCI leverages the enormous data set of cyber risk information stored in its proprietary IRM|Analysis™ database, which was built over the last six years from millions of risk records collected from hundreds of hospitals, Integrated Delivery Networks (IDNs) and business associates while completing comprehensive, NIST-based cybersecurity Risk Analyses.
“IRM|Analysis has become the industry’s gold standard for performing an OCR-Quality Risk Analysis, and with so many hospitals now using the software, we are accumulating an enormous amount of data,” noted Steve Cagle, CEO of Clearwater. “Clearwater will continue to leverage this data to provide insights and best practices to its Customers, as we continue to build upon our reputation of thought leadership in risk analysis and cyber risk management.”
About Clearwater CyberIntelligence™ Institute (CCI)
CCI harnesses the power of a database, populated by healthcare organizations, that contains millions of risk records from hospitals, Integrated Delivery Networks (IDNs) and business associates to safeguard patient safety and private organizations against cyber threats. Launched in 2018, CCI was established as a response to the exponentially growing threat surface from the Internet of Things and the proliferation of attackers in healthcare. The data mining and informatics team at CCI uses advanced analytics techniques to provide useful publications that identify common security weaknesses found in hospitals, health systems and other healthcare organizations. Hospital executives can direct their immediate attention to threats, vulnerabilities and control deficiencies identified by CCI and perhaps take immediate action to reduce their organization’s risk profile.
Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro™ platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and exclusively endorsed by the American Hospital Association as well as numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at www.clearwatercompliance.com.