Patent Issued for AI-Enabled Predictive Risk Rating Capability of Clearwater’s IRM|Analysis® Software

Innovative Application of Artificial Intelligence and Machine Learning Gives Healthcare Organizations Additional Capabilities to Stop Threat Actors by Enabling Them to Make Better Cyber Risk Decisions

Nashville, TN (April 17, 2023) – Clearwater, a leading provider of cybersecurity and compliance solutions for healthcare organizations, announced today that the U.S. Patent and Trademark Office has issued a patent for the Predictive Risk Rating capability within its IRM|Analysis® software.

Since its introduction more than 10 years ago, IRM|Analysis has become the healthcare industry’s gold standard for performing comprehensive, efficient, by-the-book cyber risk management – including risk analysis and risk response – on an ongoing basis. Used by many of the nation’s largest health systems, major physician groups, leading health IT companies, and other business partners, IRM|Analysis software helps healthcare organizations understand where their greatest cyber risks lie at both the enterprise level, as well as for each of their unique information assets, and enables them to take action in addressing those risks. The software also empowers healthcare organizations to meet the Security Risk Analysis requirement of the HIPAA Security Rule, in alignment with guidance from the Office for Civil Rights.

IRM|Analysis employs built-in algorithms to:

  • Determine potential vulnerability and threat scenarios that should be considered for each information asset and each of their components
  • Automatically recommend controls to mitigate threats exploiting vulnerabilities in these specific risk scenarios
  • Provide a standard means to rate risk based on both the likelihood of an event (based on the controls in place or not in place) and the harm that would be caused (based on the importance of the information system or its data to that organization)
  • Enable an organization to prioritize and report on risks across the enterprise in a consolidated or “drill down” manner through integrated reporting tools and dashboards

In early 2021, Clearwater added the Predictive Risk Rating capability to IRM|Analysis, leveraging artificial intelligence and machine learning technology to tap into more than a million risk ratings generated by the company’s experts and its community of software users to help healthcare organizations more quickly and confidently analyze risk across the enterprise. This unique and powerful capability provides Clearwater customers, as well as Clearwater’s consultants, with suggestions on likelihood and impact ratings for their unique risks to specific information assets and their components based on their specific controls.

“Whether our customers perform an internal risk analysis, or our consultants provide an external view, our goal is to drive better risk decisions by leveraging the wealth of knowledge that exists among our expert community of users,” said Jon Stone, SVP and Chief Product Officer at Clearwater. “Predictive Risk Rating recommendations can be automatically accepted or simply serve as guidance for the user.”

“An organization’s ability to understand cyber risk is key to its ability to stay ahead of threat actors, “ said Jon Moore, Clearwater’s Chief Risk Officer and head of Consulting Services and Customer Success. “I’m very proud of the work our Product Innovation and Consulting teams do to help our customers across the healthcare industry develop a strong understanding of the security risks throughout their environment.”

Customers have affirmed Clearwater’s leadership in helping them analyze cyber risk across their organization, drawing upon powerful, proprietary software and a team of expert consultants who have a deeper understanding of healthcare environments than any other firm in the industry.

“The true risk assessment has made the biggest impact,” commented a CIO-level customer to KLAS researchers in a March 2022 interview discussing the organization’s work with Clearwater. “Other companies give risk assessments, but Clearwater came in and did a very clearly laid-out job. We have the best picture of our risk that we have had since I have been with the company.”

About Clearwater

Clearwater helps organizations across the healthcare ecosystem move to a more secure, compliant, and resilient state so they can achieve their missions. The company provides a deep pool of experts across a broad range of cybersecurity, privacy, and compliance domains, purpose-built software that enables efficient identification and management of cybersecurity and compliance risks, and a tech-enabled, 24x7x365 Security Operations Center with managed threat detection and response capabilities. To learn more, please visit



Sign up to receive our monthly newsletter featuring resources curated specifically to your concerns.

Related Blogs

With Us