Select Page

Clearwater on ISMG: Practice the Art of Diligence

In a recent conversation with ISMG’s Tom Field, SVP of Editorial, Clearwater’s Chief Risk Officer, and SVP of Consulting and Customer Success, Jon Moore shared some guidance around practicing due diligence while onboarding new partners and during M&A activities.

Field asked Moore why there is such an awakening around due diligence right now; Moore explained that there’s a rise in mergers, acquisitions, and joint ventures as healthcare entities work to deliver higher levels of care in more sustainable models. At the same time, healthcare cyberattacks have topped the list of most expensive breaches, tipping over the $10 million mark as the average cost of a breach. Finally, there’s growing concern over third-party risk, further driving the need for due diligence in the partnership process.

Field and Moore discussed what happens when organizations practice good cyber risk management during onboarding only to relax these efforts later. Moore warned that as the success of a new venture gains traction, risks grow simultaneously-something healthcare leaders should pay close attention to, ensuring good cyber risk management practices stay in place.

Field and Moore also covered topics like key red flags and how to ensure that security concerns don’t detail a partnership. Watch the interview in its entirety here.

Jon Moore on ISMG

Need help with due diligence?

Let’s connect

Newsletter

Sign up for our monthly newsletter discussing hot topics and access to invaluable resources.


Related Blogs

Rethinking the HIPAA Security Rule: Why Forward Path 2025 Might Be the Better Way Forward

Rethinking the HIPAA Security Rule: Why Forward Path 2025 Might Be the Better Way Forward

Late last year, the US Department of Health and Human Services (HHS) introduced a more prescriptive regulatory framework for the HIPAA Security Rule, which comes at a critical time. As the industry faces unprecedented numbers of breach-related sensitive record exposures, it’s clear healthcare organizations and their supporting partners need to do more to protect patient data, but is the Notice of Proposed Rulemaking (NPRM) to update the HIPAA Security Rule the answer?
Assumed Breach Simulation: Lateral Movement

Assumed Breach Simulation: Lateral Movement

A cyberattack doesn’t always start with an exposed perimeter. Sometimes, all it takes is a single compromised workstation — compromised through social engineering attacks, use of weak access management. To help clients gauge the potential for a breach to occur through these attack vectors, I and my colleagues on Clearwater’s Technical Testing team perform what is called assumed breach testing – a cybersecurity assessment that evaluates an organization’s ability detect, respond to, and recover from a breach.
RSA 2025 Recap: AI, Innovation, and Identity Take Center Stage

RSA 2025 Recap: AI, Innovation, and Identity Take Center Stage

The cybersecurity world descended on San Francisco last week for RSA Conference 2025, and Clearwater was proud to be there alongside our Redspin colleagues. From AI to identity, from innovation to infrastructure, this year’s RSA reflected both the rapid evolution of cybersecurity technology, and the mounting pressure on organizations to stay ahead of new threats. Here’s what stood out to our team on the ground.
No results found.