Clearwater Helps Regional and Critical Access Hospitals Improve Cybersecurity With Education, Advisory and Managed Services Aligned to 405(d) HICP

Largest Pure-Play Healthcare Cybersecurity and Compliance Firm Affirms Commitment to Serving Key Part of the Healthcare Ecosystem With Solutions Designed Specifically to Meet Their Needs and Constraints

Nashville, TN (August 8, 2023) – Clearwater, the largest pure-play provider of cybersecurity and compliance solutions for healthcare organizations, announced today a new initiative focused on helping regional and critical access hospitals reduce the risk of adverse outcomes from cyberattacks and breaches. Comprised of educational assistance, assessment of cybersecurity practices against defined 405(d) Health Industry Cybersecurity Practices (HICP), and expert resources to efficiently build and operate a reasonable and appropriate cybersecurity program, the Clearwater Cyber Now Initiative is designed to help America’s most vulnerable hospitals protect themselves against threat actors.

Hospitals of all sizes have valuable electronic protected health information highly sought after by an increasingly growing number of threat actors. Recently, threat actors have specifically targeted critical access and regional hospitals with ransomware, which has led to some shutting down systems for weeks at a time and contributing to the closure of Saint Margaret’s Health in Spring Valley, IL. Smaller hospitals typically don’t have the resources or expertise to implement and operate cybersecurity best practices.  Clearwater seeks to provide these smaller healthcare organizations the advantages that larger hospitals have from scale.

“Since the earliest days of Clearwater, our company has been committed to serving the cybersecurity needs of regional and critical access hospitals across the country,” said Clearwater CEO Steve Cagle. “We’re proud to count dozens of those organizations among our client base today.

“But there are many regional and critical access hospitals that still lack the knowledge and resources to effectively defend themselves from the cyberattacks that continue to plague the healthcare industry,” Cagle continued. “These hospitals are vital to ensuring patients in rural and underserved communities have access to healthcare—what happens if a ransomware attack cripples their ability to deliver care? Patient lives are at stake. Leveraging the small or medium sub-practices in the 405(d) HICP framework and the full resources at Clearwater, these hospitals can avoid breaches and cyberattacks and build a resilient cybersecurity posture to minimize impact and recover quickly if needed.”


The first prong of the Clearwater Cyber Now Initiative is a free seminar focused on educating hospital C-suite executives and board members on enterprise cyber risk management in healthcare. As the company whose founder Bob Chaput wrote the leading book on the subject, which The Governance Institute adapted in mid-2021 into a toolbook for its members, Clearwater is uniquely positioned to deliver education that helps organizations understand cybersecurity as a true enterprise risk concern that requires ongoing attention and support from the board. Seminars can be delivered virtually or in person based on the hospital’s preference.


The 405(d) HICP framework offers control and best practices to address the leading threats to healthcare organizations while recognizing that organizations of different types and sizes have different needs and resources. Clearwater was the first company to introduce an assessment tool focused on 405(d) HICP, and since the introduction of that tool in early 2022, numerous healthcare organizations have used it to gauge their security practices relative to those outlined in the guide and make necessary improvements. The software, IRM|405(d) HICP™, has recently been updated to map to the changes introduced in the 2023 edition of 405(d) HICP. Clearwater’s 405(d) HICP assessment leverages the power and efficiency of the software, combined with the knowledge and experience of our expert consultants, to deliver an evaluation and documentation of how the organization is following the HICP sub-practices that are relevant for the organization’s size so it can work to bridge any gaps and have easy reporting available in the event of an Office for Civil Rights audit or investigation.  


As part of its Cyber Now Initiative, Clearwater has developed a new version of its popular ClearAdvantage® managed services program, which has been widely adopted by physician practice management and digital health organizations. ClearAdvantage is an outsourced cybersecurity and compliance program built, executed and matured by Clearwater. This version of the ClearAdvantage program is aligned with the small and medium sub-practices of the 405(d) HICP practice guides. The ClearAdvantage managed services program includes experienced leadership from a Clearwater virtual Chief Information Security Officer (vCISO), on-demand access to Clearwater’s deep pool of subject matter experts, support from its 24x7x365 Security Operations Center, and a subscription to Clearwater’s award-winning IRM|Pro® software suite, featuring the healthcare industry’s most powerful tools for identifying and managing cyber risk and maintaining compliance with key regulations.  Through the program, regional and critical access hospitals can avoid cyber incidents, minimize impact and recover quickly when necessary, and deliver patient care with the confidence that they’re secure, compliant, and resilient.   

To learn more about how Clearwater is assisting regional and critical access hospitals, visit To inquire about the Cyber Now Initiative, contact us

About Clearwater

Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their mission. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, and a tech-enabled, 24x7x365 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit

For more information or press inquiries, please contact:

John Howlett SVP and Chief Marketing Officer
Clearwater 773.636.6449


Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us