Clearwater’s purpose-built software helps healthcare orgs identify, prioritize, and respond to cyber risks

As cyberattacks surge during the COVID-19 crisis and information security teams at healthcare providers and their vendors work to manage new vulnerabilities and threats borne from the rapid transition to a remote workforce, Clearwater’s IRM|Analysis software is helping more than 400 healthcare customers rapidly identify, prioritize, and respond to cyber risks on an enterprise scale.

Designed to facilitate a consistent, information system-focused risk analysis, the software provides the means to assess risk scenarios presented in a work-from-home environment.

Using IRM|Analysis, healthcare organizations can re-evaluate the controls that are in place to mitigate the likelihood of a threat exploiting a vulnerability that may exist within information system components that are now in use by remote workers.

Risk scenarios embedded within IRM|Analysis include:

• The inability to adequately respond to disaster – Lack of contingency planning risk scenario for the security and governance component
• The improper disclosure or use of sensitive data – Insufficient personnel training risk scenario for all internal and external user components
• Multiple scenarios related to any device furnished by the organization to its staff for use at home, such as laptops and cellphones
• Multiple scenarios pertaining to whatever External Network Component is used by the organization to provide remote access to internal organizational systems
• Multiple scenarios for any application or software-as-a-service component used by the organization for email, to store or exchange files remotely (e.g. DropBox, Google Drive, Microsoft OneDrive, etc.), exchange text messages (e.g. Skype, Microsoft Teams, Facebook Messenger, etc.), or conduct remote meetings (e.g. Zoom, GoToMeeting, Webex, etc.)

Upon identifying risks, customers can prioritize any risks above their risk threshold and determine whether to accept, transfer, avoid, or mitigate the risk.

In cases where organizations decide to implement additional security measures to reduce risk, Clearwater is making its expert Consulting team available to customers at no charge – as capacity permits – to help them thoughtfully consider which risk scenarios they should assess and provide consultation on available options that can be implemented both quickly and in the context of a work-at-home environment.

“When our healthcare organizations are already under stress, it is even more important that we keep our systems up and healthcare information flowing,” said Clearwater CEO Steve Cagle.

“It is unfortunate that at a time like this we need to worry even more about bad actors who might put patient lives in danger with a ransomware attack or attempt to steal sensitive patient data. Trying times can bring out the worst in people, but they can also bring out the best.

“Clearwater is proud to be playing a small role in helping our healthcare heroes maintain a strong cybersecurity posture while they work to meet patient and community needs.”