From: Clearwater Compliance
Clearwater Further Streamlines Enterprise Risk Analysis for Health Systems with Its New “Component Expert System” Technology, an Enhancement to Its IRM|Analysis™ Software
NASHVILLE, Tenn.–(BUSINESS WIRE)–As the healthcare industry continues to be targeted by cyber attacks, Clearwater has released new, breakthrough technology that provides hospitals and health systems with a more intelligent view into all of the processes, people, locations, technology and components that can pose a data security risk to an information system. Clearwater’s new Component Expert System (CES), embedded in its IRM|Analysis™ software, enables hospitals and health systems to complete the security risk analysis (SRA) process more efficiently across the enterprise by logically grouping similar information system components based on their properties and associated controls. The patent-pending technology automatically identifies relevant cyber and information risk scenarios, thereby facilitating a more effective risk assessment process.
Clearwater released new, breakthrough technology to provide hospitals a more holistic view of components that pose a data security risk.
“For a large and complex hospital or healthcare system, it can be daunting to try to perform a comprehensive cyber risk analysis,” said Clearwater’s Jon Stone, senior vice president for Product Innovation. “IRM|Analysis™ with CES technology, offers health systems advanced decision support technology that provides them with a view of the entire threat surface, fully adapted to address the specific vulnerabilities and risk scenarios that are related to their specific technologies and systems.”
For context, the U.S. Department of Health and Human Services reported more than 400 hacks of health data systems in 2018, an increase of more nearly 25 percent. Despite the increasing threats, the most recent CHIME survey of healthcare leaders found only 16 percent reported having a fully functioning cybersecurity program. Many cite complexity as a barrier to completing a comprehensive cyber risk analysis.
By leveraging intuitive wizards, IRM|Analysis™ with CES further streamlines the investigative process, by adding a simple set of intuitive questions to identify the precise set of vulnerabilities, threats and controls that must be addressed in order to implement a comprehensive cyber risk management program.
Clearwater CEO Steve Cagle noted, “Effective data security always starts with a comprehensive risk analysis. Our CES technology takes cyber risk analysis to the next level. The advanced functionality of IRM|Analysis™ with CES creates a more accurate and efficient process of conducting an enterprise-wide risk analysis and gives hospitals and health systems the exact roadmap they need to immediately strengthen risk management and cybersecurity.”
IRM|Analysis™ has been deployed by hundreds of hospitals and health systems, and ensures appropriate identification of and response to high risks. It offers integrated workflow and dashboard reporting that facilitates management of critical risk remediation actions. IRM|Analysis™ helps hospitals and health systems to improve their security posture, optimize budgets and resources, and achieve HIPAA compliance by providing visibility to each organization’s cybersecurity exposures. IRM|Analysis™ meets all nine requirements of a Security Risk Analysis based on the Office for Civil Rights Guidance Publication. OCR has accepted Risk Analyses conducted with IRM|Analysis 100 percent of the time when performed in accordance or in conjunction with Clearwater’s recommendations and advice. CES is configured as an out-of-the-box enhancement to the IRM|Analysis™ software tool and is designed for fast and efficient installation to empower hospitals and health systems to quickly bolster their cyber risk management systems.
In addition to increasing the risk of a breach, an insufficient risk analysis may lead to OCR fines and reputational damage. In fact, 89 percent of OCR enforcement actions involving ePHI cite failure to perform a sufficient risk analysis as a primary deficiency. Leading healthcare organizations such as Sentara, Advocate, CHRISTUS, and Baptist Health South Florida, have solved these critical cyber risk challenges by implementing Clearwater’s IRM|Analysis software.
submitted by: Kaki Clements