Clearwater Introduces IRM|Performance™ to Power Cybersecurity Maturity and Resiliency

New software solution is purpose-built to help healthcare organizations gauge cybersecurity program performance against the proven standards of the NIST Cybersecurity Framework

HIMSS Global Conference / Orlando, FL (March 12, 2024) – Clearwater, the largest pure-play provider of cybersecurity and compliance solutions for the healthcare industry, announced today at the HIMSS Global Conference & Exposition a new addition to its proprietary SaaS platform, IRM|ProÒ. The solution, IRM|Performance, is a force-multiplying component of Clearwater’s tech-enabled NIST CSF Maturity Assessment and equips healthcare executives with ongoing performance indicators, dashboards, and reporting related to their organization’s cybersecurity program performance. IRM|Performacne enables healthcare organizations to measure their conformance relative to the NIST CSF – a healthcare industry standard – and the HHS Voluntary Cybersecurity Performance Goals, published earlier this year.

2024 has already seen some of the worst cyberattacks in healthcare history, with the recent Change Healthcare attack and the attack on Lurie Children’s Hospital shortly before, which left the hospital’s systems shut down for at least four weeks. Healthcare CISOs, CIOs, and IT leaders tasked with protecting their patients, systems, and organizations face a difficult challenge against ruthless and elusive cyber criminals, but by using the NIST Cybersecurity Framework as a guidepost, they can draw upon proven standards and practices that have been developed to promote the protection of critical infrastructure.

Designed to empower healthcare organizations to gauge the current state and demonstrate program maturation over time, IRM|Performance and the NIST CSF Maturity Assessment, delivered by Clearwater’s dedicated healthcare cybersecurity experts, provide powerful insights into cybersecurity programs and show healthcare leaders a clear path to better cyber resiliency.  Report outputs provide both operational reporting for IT and Security personnel and executive-level outputs appropriate for Risk Governance Committees and Boards of Directors.

IRM|Performance complements Clearwater’s existing and field-proven IRM|Analysis module and accompanying Risk Analysis services.  Performing an accurate and thorough analysis of vulnerabilities and risks for all systems with electronic protected information is a requirement of the HIPAA Security Rule.  Clearwater’s IRM|Analysis was purpose-built to meet the guidance and expectations of the Office for Civil Rights, which enforces HIPAA for the U.S. Department of Health & Human Services (HHS). Over the last decade, Clearwater’s deliverables, performed with IRM|Analysis, have been accepted by OCR 100% of the time. 

Combined in a single platform, IRM|Performance couples maturity assessments with risk analysis, amplifying the power of the platform to address today’s more advanced security assessment and regulatory compliance demands.

“We’ve been helping healthcare leaders evaluate the performance of their cybersecurity programs against NIST CSF for a long time,” says Clearwater’s Chief Product Officer Jon Stone. “We developed IRM|Performance to take these assessments to the next level by incorporating the results into the IRM|Pro platform to be leveraged alongside the rest of an organization’s cyber risk data and delivering the kind of dashboards and reporting that not only help tell the story of an organization’s cybersecurity maturity but also give leaders a roadmap for continuously validating and improving their cybersecurity posture.”

“These past few weeks have been brutal for healthcare organizations,” Clearwater CEO Steve Cagle says. “When one organization falls victim to a cyberattack, the ripple effect can impact care delivery, employees, and patient safety throughout the industry. Clearwater is proud to deliver tech-enabled solutions and services to help organizations stand up to cyber threats and prevent successful attacks like those we’ve seen in the past few weeks. IRM|Performance and our NIST CSF Maturity Assessment are key to this level of cyber resiliency as they give leaders visibility into their current program performance and a means to communicate where they’re headed as an organization and what they need to get there.”

IRM|Performance is part of Clearwater’s SaaS platform, IRM|Pro, built to help healthcare organizations solve their greatest cybersecurity and compliance challenges. From completing a thorough information asset-based risk analysis, meeting the requirements of HIPAA’s Security and Privacy & Breach Notification Rules, and measuring performance against frameworks like 405(d) HICP and NIST CSF, each module helps identify exposures, manage and reduce the likelihood of a breach, save time and money, and meet compliance requirements by identifying the unique threats and vulnerabilities applicable to an organization.

Visit Clearwater in booth #1618 in the Cybersecurity Command Center at the HIMSS Global Conference & Exhibition to learn more about how the company is moving healthcare organizations to a more secure, compliant, and resilient state through a powerful combination of managed services, consulting, and software.

About Clearwater

Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, and a tech-enabled, 24/7 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit

For more information or press inquiries, please contact:

John Howlett
SVP and Chief Marketing Officer


Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us