
Blog

We know you have many questions. That’s why our team has curated top-notch resources to help you along your healthcare cybersecurity and compliance journey.

Compliance & Cybersecurity & Risk Management Blogs from Industry Experts

Turning Cybersecurity into a Culture of Trust at Cleveland Clinic

How a unique business liaison role is helping clinicians, executives, and cybersecurity teams speak the same ...

The Perennial Cybersecurity Problem: Tool Proliferation and the Talent Crisis

By: Larry Mraz, CISSP, CRISC, CHPP, CISM, CISA, BCMS, vCISO/Principal Consultant. Cybersecurity is at a breaking ...

The Human Factor: Why Phone Scams Are Still So Effective in Healthcare

By Sebastian Pina, OSCP, OASP, PNPT, PWPA, Security+, Senior Consultant, Technical Testing ...

New York’s Updated Cybersecurity Regulations: The Final Compliance Deadline Arrives October 2nd

Cyberattacks targeting healthcare organizations have been on the rise, and New York State is stepping up its defenses. As of October 2, 2024, new cybersecurity regulations are in effect for general hospitals in the state, marking a significant step forward in protecting sensitive patient data and ensuring the operational resilience of healthcare facilities.

AI Prompt Injection in Healthcare: The Real Cyber Risk Hiding in Plain Sight

How clever text inputs can turn your AI assistants into security vulnerabilities. By Philip Burnham, PNPT, Principal ...

Cross-Site Scripting (XSS): More Than a Pesky Alert

It is likely you have seen the number 1 in an alert box if you have ever had a penetration test performed on your web application. The alerted number is the most common proof-of-concept for Cross-Site Scripting.

OCR Risk Analysis, an Update for Covered Entities

A review of OCR Enforcement Findings from 2025 (March-July). OCR’s latest enforcement push is driving healthcare ...

Rethinking the HIPAA Security Rule: Why Forward Path 2025 Might Be the Better Way Forward

Late last year, the US Department of Health and Human Services (HHS) introduced a more prescriptive regulatory framework for the HIPAA Security Rule, which comes at a critical time. As the industry faces unprecedented numbers of breach-related sensitive record exposures, it’s clear healthcare organizations and their supporting partners need to do more to protect patient data, but is the Notice of Proposed Rulemaking (NPRM) to update the HIPAA Security Rule the answer?

Assumed Breach Simulation: Lateral Movement

A cyberattack doesn’t always start with an exposed perimeter. Sometimes, all it takes is a single compromised workstation, compromised through social engineering attacks or the use of weak access management. To help clients gauge the potential for a breach to occur through these attack vectors, my colleagues on Clearwater’s Technical Testing team and I perform what is called assumed breach testing, a cybersecurity assessment that evaluates an organization’s ability to detect, respond to, and recover from a breach.

RSA 2025 Recap: AI, Innovation, and Identity Take Center Stage

The cybersecurity world descended on San Francisco last week for RSA Conference 2025, and Clearwater was proud to be there alongside our Redspin colleagues. From AI to identity, from innovation to infrastructure, this year’s RSA reflected both the rapid evolution of cybersecurity technology and the mounting pressure on organizations to stay ahead of new threats. Here’s what stood out to our team on the ground.

Clearwater at RSA 2025: Spotlighting Healthcare Cybersecurity and Critical Infrastructure

Clearwater is heading to RSA this year, and we couldn't be more excited to join the global cybersecurity community from April 28–May 1 in San Francisco. With an impressive lineup of speakers, innovative sessions, and timely conversations about the future of cyber regulation, we’re looking forward to digging into what matters most to the healthcare sector—paying special attention to sessions on protecting our nation’s critical infrastructure.

Commentary on the Oracle Health Breach

Steve Cagle, Clearwater CEO. As many in the healthcare sector are aware, it has been reported that Oracle ...