Blog
We know you have many questions. That’s why our team has curated top-notch resources to help you along your healthcare cybersecurity and compliance journey.
Compliance & Cybersecurity & Risk Management Blogs from Industry Experts

OCR Risk Analysis, an Update for Covered Entities
A review of OCR Enforcement Findings from 2025 (March-July)
OCR’s latest enforcement push is driving healthcare ...

Rethinking the HIPAA Security Rule: Why Forward Path 2025 Might Be the Better Way Forward
Late last year, the US Department of Health and Human Services (HHS) introduced a more prescriptive regulatory framework for the HIPAA Security Rule, which comes at a critical time. As the industry faces unprecedented numbers of breach-related sensitive record exposures, it’s clear healthcare organizations and their supporting partners need to do more to protect patient data, but is the Notice of Proposed Rulemaking (NPRM) to update the HIPAA Security Rule the answer?

Assumed Breach Simulation: Lateral Movement
A cyberattack doesn’t always start with an exposed perimeter. Sometimes, all it takes is a single compromised workstation — compromised through social engineering attacks or the use of weak access management. To help clients gauge the potential for a breach to occur through these attack vectors, my colleagues on Clearwater’s Technical Testing team and I perform what is called assumed breach testing – a cybersecurity assessment that evaluates an organization’s ability to detect, respond to, and recover from a breach.

RSA 2025 Recap: AI, Innovation, and Identity Take Center Stage
The cybersecurity world descended on San Francisco last week for RSA Conference 2025, and Clearwater was proud to be there alongside our Redspin colleagues. From AI to identity, from innovation to infrastructure, this year’s RSA reflected both the rapid evolution of cybersecurity technology, and the mounting pressure on organizations to stay ahead of new threats. Here’s what stood out to our team on the ground.

Commentary on the Oracle Health Breach
Steve Cagle, Clearwater CEO
As many in the healthcare sector are aware, it has been reported that Oracle ...

Potential Oracle Cloud Breach
A significant concern has emerged involving Oracle Cloud services. Reports have surfaced regarding the alleged sale of 6 million records extracted from Oracle Cloud’s Single Sign-On (SSO) and LDAP directories.

Are You Ready For Quantum Day in Healthcare?
From AI-driven diagnostics to wearable smart devices and telehealth breakthroughs, rapid digital transformation drives modern healthcare service delivery. From what was once a tech-resistant industry — and one where many legacy systems still play critical roles in operations — healthcare tech adoption has radically evolved since pre-COVID. With all these breakthroughs and benefits, many covered entities and business associates struggle to keep pace with the increased risk these innovations introduce into the modern healthcare ecosystem. The more technologies, web apps, smart devices, and cloud services your organization adopts, the greater the chance of a cyber breach.

Clinical Research Organizations: M&A Goldmine or Cyber Risk Liability?
The market for clinical trials is experiencing significant momentum in mergers and acquisitions (M&A). Private equity (PE) investment in Clinical Research Organizations (CROs) and Site Management Organizations (SMOs) is being spurred by site consolidation, expansion of specialized services, and technology innovation. These firms are important players in the pipeline of drug development and the best targets for investors who wish to capitalize on healthcare innovation.

8 Easy Ways to Prepare for an OCR HIPAA Compliance Audit
The Office for Civil Rights (OCR) has officially launched its third round of HIPAA audits, following previous assessments in 2012 and 2016. Learn 8 easy ways to prepare for an OCR HIPAA compliance audit and safeguard your health information against rising cyber threats. Past audits revealed widespread compliance gaps, prompting increased oversight.

OCR’s Proposed HIPAA Security Rule Notice of Proposed Rulemaking
In Part 1 of this blog, I provide an overview of OCR’s proposed changes to the HIPAA Security Rule, some commentary on the background, rationale and the potential impact on healthcare, descriptions of key changes in definitions, and OCR’s broader themes. In Part 2, I will dive into specific proposed new or updated standards and implementation specifications and speculate on what may happen next.

2024: Year in Review for Healthcare Security & Compliance
Our gift to you: a year-end wrap-up featuring Clearwater highlights and top resources on risk, security, compliance, and resiliency.

Navigating the HIPAA Privacy Rule for Reproductive Healthcare: Compliance Essentials Before the December 2024 Deadline
In an era where the privacy of reproductive healthcare has become a topic for debate, healthcare organizations face growing fears and challenges over the potential misuse of sensitive patient data. Recent legal developments, coupled with the shifts following the Dobbs v. Jackson decision, have shown the urgent need for robust safeguards. Notably, the December 23, 2024 compliance deadline for the HIPAA Privacy Rule Final Rule to Support Reproductive Health Care Privacy offers a pivotal moment to address these concerns.
