TODAY | 12 PM CT - Healthcare's Monthly Cyber Briefing
Join us for our monthly critical threat and regulatory brief PLUS Clearwater CEO Steve Cagle, MBA, HCISPP, CHISL, CDH-E and Erik Pupo, Director at Guidehouse Health sit down for a conversation on how emerging healthcare technology trends are reshaping the cyber risk landscape. We’ll explore:
- How digital transformation is changing provider risk profiles
- New threats emerging from accelerated AI adoption and data exchange
- How CISOs can align innovation efforts with practical risk mitigation strategies
- What’s coming next and where blind spots may exist
This is a strategic session for security leaders navigating constant disruption and rising expectations. 🔗 https://bit.ly/4frH9cB #HealthcareCybersecurity #HealthIT #AIinHealthcare #CyberRisk #ClearwaterSecurity #Guidehouse #CISO #DigitalHealth
Clearwater
Computer and Network Security
Nashville, TN 7,837 followers
Moving healthcare organizations to a more secure, compliant, and resilient state so they can achieve their mission™
About us
Clearwater serves a diverse and growing base of customers across the healthcare ecosystem, including several of the nation’s largest health systems as well as a large universe of regional hospitals, physician practice management groups, digital health and other healthcare technology companies, medical device manufacturers, and business service providers. Our mission is to help those organizations move to a more secure, compliant, and resilient state so they can achieve their mission.
- Website: http://clearwatersecurity.com
- Industry: Computer and Network Security
- Company size: 201-500 employees
- Headquarters: Nashville, TN
- Type: Privately Held
- Specialties: HIPAA Compliance Software, OCR Enforcement Advisory Services, Cloud Security, Healthcare Cybersecurity, HITRUST, NIST Cybersecurity Framework, Security Risk Analysis, PCI-DSS, Healthcare Data Privacy, Healthcare Compliance, Cyber Resiliency, Security Engineering, Healthcare Vendor Risk Management, 405(d) HICP, SOC 2, HIPAA Security, HIPAA Privacy, DCA-EPS, and CMMC
Locations
- Primary: Nashville, TN 37215, US
Updates
-
Threat Alert: NVIDIA Triton Inference Server vulnerabilities that can lead to AI/ML manipulation NVIDIA put out a security bulletin for several critical vulnerabilities that can be chained together. Due to the nature of the software, this can lead to an attack on AI models, exposing sensitive data, providing a foothold for attackers to move deeper into a network, and manipulating an AI model's responses. https://bit.ly/4mrIAtF Please review the bulletin and prioritize remediation and alternative controls to block this exposure that could allow a remote, unauthenticated attacker to execute arbitrary code and take complete control of a server. If you are an organization that works with healthcare data and leverages AI/ML, please contact Clearwater if you need assistance managing cyber risk or AI security risk assessments.
-
-
OCR has made one thing clear: a risk analysis that’s outdated, incomplete, or too high-level won’t suffice anymore. If your current process wouldn’t hold up to scrutiny, now’s the time to fix it. Our OCR-Quality® Risk Analysis Working Lab kicks off tomorrow! This free, five-part series is designed to help healthcare leaders move from checkbox compliance to meaningful risk management. 🔹 Starts August 6 at 11 AM CT 🔹 Led by Clearwater’s expert faculty 🔹 Hands-on walk through of a full, audit-ready risk analysis using IRM|Analysis® If you’ve been wondering what “OCR-quality” really means, or how to get there, this is your blueprint. Register here: https://bit.ly/4okGT2W #HIPAA #OCR #HealthcareCompliance #RiskAnalysis
-
-
DSOs, deals, and data security. It’s all happening this week in Denver. Clearwater’s David Anderson and Robyn Borowsky Ewers are at the 2025 Dykema DSO Conference — where the future of dental is being built, scaled, and secured. We get it: Compliance doesn’t always make the front page... but it’s often what keeps you out of it. We work directly with DSOs to: 🔷 Build cybersecurity programs that grow with you 🔷 Stay ahead of HIPAA and regulatory headaches 🔷 Manage vendor and third-party risk 🔷 Be ready before an incident strikes If you're navigating growth, compliance, or just want to stress less about security — come find us! 📍 Gaylord Rockies Resort | Aug 6–8 📅 Book a meeting - https://bit.ly/4oiGvSN
-
-
Threat Alert - SonicWall Firewalls with SSLVPN A zero-day vulnerability has confirmation of in-the-field exploitation. Please read the advisory and stay up to date on the vendor's postings, https://bit.ly/3IZts8A. "A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware," Huntress warned. "Huntress advises disabling the VPN service immediately or severely restricting access via IP allow-listing. We're seeing threat actors pivot directly to domain controllers within hours of the initial breach." If you are a healthcare company, please contact Clearwater if you need assistance in assessing or mitigating this risk.
-
-
Is your risk analysis ready for OCR scrutiny? OCR is continuing to prioritize risk analysis and the latest enforcement actions show how often organizations fall short. From March to July, OCR issued settlements ranging from $25K to $800K. In nearly every case? A missing or inadequate risk analysis. We pulled together a quick update on recent enforcement actions, what’s changed under new leadership, and what covered entities and business associates should be doing now: 🔹 What’s behind the recent wave of risk analysis enforcement actions 🔹 OCR’s expectations under new leadership 🔹 Practical steps to help you stay ahead Read the blog → https://bit.ly/3UIJ6rl #HIPAA #OCR #HealthcareCompliance #RiskAnalysis #405d #NISTCSF #Cybersecurity
-
-
If a ransomware attack hit tomorrow, would your team know what to do? It’s a tough question — but one every healthcare compliance leader should be asking. On August 6, join Clearwater’s own Dawn Morgenstern, MBA, CHPC, Chief Privacy Officer, and Betsy Hodge, Partner at Akerman LLP for a practical webinar hosted by Health Care Compliance Association (HCCA) on how to prepare for — and respond to — ransomware events. They’ll walk through: • Today’s ransomware trends and their impact on care • How to engage regulators like OCR after an incident • The role compliance plays in leading an effective response Date: August 6 | Time: 12:00–1:30pm CT Register here: https://hubs.li/Q03zRhqk0 Whether you're building a plan or pressure-testing one, this session offers real-world guidance to help you be ready before an incident hits.
-
-
You’re checking every box. But the real risks? Still growing. Frameworks are everywhere — HIPAA, NIST CSF, 405(d), HHS Cyber Performance Goals. But for many healthcare organizations, that effort isn’t translating into clarity, action, or meaningful risk reduction. Clearwater’s new Enterprise Cyber Risk Management (ECRM) solution is built to change that. 🔷 Aligns with the frameworks that matter — NIST CSF 2.0, HIPAA, 405(d), and more 🔷 Combines OCR-Quality® Risk Analysis, maturity benchmarking, and real-time dashboards 🔷 Transforms fragmented assessments into a unified, strategic program 🔷 Guides teams, leaders, and boards toward decisions that actually reduce risk Insight + Direction. Not just data. ➡️ Learn more: https://hubs.li/Q03zKVPR0 📰 Read the press release: https://hubs.li/Q03zKNkx0 #HealthcareCybersecurity #RiskReduction #HIPAA #NISTCSF #CyberRisk #ClearwaterECRM #HealthcareIT
-
What do you do when your third party is breached? For many healthcare providers impacted by the Oracle/Cerner hack, that question is still playing out — months later. In her latest for ISMG's HealthcareInfoSecurity, Marianne McGee details the widening fallout from the incident and the difficult position providers face when vendors delay or downplay disclosure. Unfortunately, this incident isn’t unique. When asked what covered entities should do when a key health IT vendor is breached, Clearwater CEO Steve Cagle, MBA, HCISPP, CHISL, CDH-E advised: 🔹 “Healthcare providers should formally contact their vendor and ask whether their patients' or other sensitive data was involved.” 🔹 Revisit your BAA and remind the vendor of their obligations 🔹 Understand and assess the vendor’s investigation process 🔹 Consider disconnecting affected systems and activating business continuity plans Read the full piece: https://lnkd.in/erMZm2GU #ThirdPartyRisk #DataBreach #HIPAA #IncidentResponse
-
Proud to see our Chief Product Officer, Jon Stone, MPA, CRISC, HCISPP, PMP speaking alongside former HHS OCR leaders in a conversation that’s shaping the future of cyber risk leadership in healthcare. Hosted by Clearwater founder Bob Chaput for the Leadership in Healthcare Cyber Risk Management program at The University of Texas at Austin, the session brought together real-world experts to help the next generation of leaders move from reactive compliance to proactive, enterprise-wide risk management. Exciting to see Clearwater helping lead the way! #ECRM #CyberRiskManagement #HealthcareSecurity #ClearwaterCompliance #IRMPro
I was honored to participate in a strategic panel discussion this week as part of Bob Chaput’s Enterprise Cyber Risk Management (ECRM) course through The University of Texas at Austin Leadership in Healthcare Cyber Risk Management program. Bob, the founder and Chairman of the Board at Clearwater, continues to lead the national conversation on elevating cyber risk management in healthcare. The conversation brought together former senior leaders from HHS OCR and healthcare experts to explore how organizations can move from a reactive, mostly compliance-focused mindset to a proactive, enterprise-wide approach to cyber risk management. I shared how ECRM methodology is helping healthcare organizations reduce complexity, uncover hidden risks, and make smarter security investments. Thank you to Bob Chaput for the invitation, and to fellow panelists Iliana L. Peters and Leon Rodriguez for the insightful dialogue. Excited to continue supporting our clients on their journey from cyber compliance to cyber resilience. #ECRM #CyberRiskManagement #HealthcareSecurity #ClearwaterCompliance #IRMPro