Clearwater Further Streamlines Enterprise Risk Analysis for Health Systems with Its Patent-Pending “Component Expert System” Technology

Innovative, patent-pending technology dramatically improves accuracy and efficiency while providing an unprecedented view of a system’s entire threat surface

April 04, 2019

NASHVILLE, Tenn.–(BUSINESS WIRE)–As the healthcare industry continues to be targeted by cyber attacks, Clearwater has released new, breakthrough technology that provides hospitals and health systems with a more intelligent view into all of the processes, people, locations, technology and components that can pose a data security risk to an information system. Clearwater’s new Component Expert System (CES), embedded in its IRM|Analysis® software, enables hospitals and health systems to complete the security risk analysis (SRA) process more efficiently across the enterprise by logically grouping similar information system components based on their properties and associated controls. The patent-pending technology automatically identifies relevant cyber and information risk scenarios, thereby facilitating a more effective risk assessment process.

“For a large and complex hospital or healthcare system, it can be daunting to try to perform a comprehensive cyber risk analysis,” said Clearwater’s Jon Stone, senior vice president for Product Innovation. “IRM|Analysis® with CES technology, offers health systems advanced decision support technology that provides them with a view of the entire threat surface, fully adapted to address the specific vulnerabilities and risk scenarios that are related to their specific technologies and systems.”

For context, the U.S. Department of Health and Human Services reported more than 400 hacks of health data systems in 2018, an increase of more nearly 25 percent. Despite the increasing threats, the most recent CHIME survey of healthcare leaders found only 16 percent reported having a fully functioning cybersecurity program. Many cite complexity as a barrier to completing a comprehensive cyber risk analysis.

By leveraging intuitive wizards, IRM|Analysis® with CES further streamlines the investigative process, by adding a simple set of intuitive questions to identify the precise set of vulnerabilities, threats and controls that must be addressed in order to implement a comprehensive cyber risk management program.

Clearwater CEO Steve Cagle noted, “Effective data security always starts with a comprehensive risk analysis. Our CES technology takes cyber risk analysis to the next level. The advanced functionality of IRM|Analysis® with CES creates a more accurate and efficient process of conducting an enterprise-wide risk analysis and gives hospitals and health systems the exact roadmap they need to immediately strengthen risk management and cybersecurity.”

IRM|Analysis® has been deployed by hundreds of hospitals and health systems, and ensures appropriate identification of and response to high risks. It offers integrated workflow and dashboard reporting that facilitates management of critical risk remediation actions. IRM|Analysis® helps hospitals and health systems to improve their security posture, optimize budgets and resources, and achieve HIPAA compliance by providing visibility to each organization’s cybersecurity exposures. IRM|Analysis® meets all nine requirements of a Security Risk Analysis based on the Office for Civil Rights Guidance Publication. OCR has accepted Risk Analyses conducted with IRM|Analysis 100 percent of the time when performed in accordance or in conjunction with Clearwater’s recommendations and advice. CES is configured as an out-of-the-box enhancement to the IRM|Analysis® software tool and is designed for fast and efficient installation to empower hospitals and health systems to quickly bolster their cyber risk management systems.

In addition to increasing the risk of a breach, an insufficient risk analysis may lead to OCR fines and reputational damage. In fact, 89 percent of OCR enforcement actions involving ePHI cite failure to perform a sufficient risk analysis as a primary deficiency. Leading healthcare organizations such as Sentara, Advocate, CHRISTUS, and Baptist Health South Florida, have solved these critical cyber risk challenges by implementing Clearwater’s IRM|Analysis software.

About Clearwater

Clearwater provides the most complete and trusted, enterprise-class cyber risk management solution available. Designed for healthcare providers and their partners, Clearwater’s IRM|Pro® platform and experienced professional services team provide insights and actions to address compliance, cyber and patient safety risks. Clearwater is a 2017 Inc. 5000 fastest-growing company, the 2018 Best in KLAS winner in Cybersecurity Advisory Services, the 2017 and 2018 Black Book Marketing Research winner in Compliance and Risk Management Solutions, and endorsed by numerous state hospital associations. Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations, and federal government institutions. More information about Clearwater is at

Media Contact

Kriste Goad | | (615) 440-9049


Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us