Regional & Critical Access Hospitals

Protect Your Community with Cybersecurity Expertise and Resources Designed for Your Unique Needs

You’re critical to the health and well-being of your community—they rely on your hospital to help them manage chronic conditions, grow their families, and respond to emergencies. Without you, accessing care means travel, delays, and uncertainty.  

A breach or ransomware attack could have long-lasting and far-reaching consequences on your organization and the patients who look to you for care. 

Clearwater’s experts specialize in cybersecurity for regional and critical access hospitals; they can help you avoid downtime, protect your patients, and achieve compliance.

Uncover hidden risks, learn how they change over time, and chart a strategic course to a reasonable and appropriate security program that helps you increase resilience and stay ahead of threats.

Empowering Regional & Critical Access Hospitals Through The Cyber Now Initiative

Our new initiative is focused on helping regional and critical access hospitals reduce the risk of adverse outcomes from cyberattacks and breaches. Comprised of educational assistance, assessment of cybersecurity practices against defined 405(d) Health Industry Cybersecurity Practices (HICP), and expert resources to efficiently build and operate a reasonable and appropriate cybersecurity program, the Clearwater Cyber Now Initiative is designed to help America’s most vulnerable hospitals protect themselves against threat actors.


A free seminar focused on educating hospital C-suite executives and board members on enterprise cyber risk management in healthcare. Education is a foundational mission at Clearwater; we’re uniquely positioned to deliver education that helps organizations understand cybersecurity as a true enterprise risk concern that requires ongoing attention and support from the board. Seminars can be delivered virtually or in person based on the hospital’s preference.


The 405(d) HICP framework offers control and best practices to address the leading threats to healthcare organizations while recognizing that organizations of different types and sizes have different needs and resources. Clearwater was the first company to introduce an assessment tool focused on 405(d) HICP, and since the introduction of that tool in early 2022, numerous healthcare organizations have used it to gauge their security practices relative to those outlined in the guide and make necessary improvements. The software, IRM|405(d) HICP™, has recently been updated to map to the changes introduced in the 2023 edition of 405(d) HICP.

Clearwater’s 405(d) HICP assessment leverages the power and efficiency of the software, combined with the knowledge and experience of our expert consultants, to deliver an evaluation and documentation of how the organization is following the HICP sub-practices that are relevant for the organization’s size so it can work to bridge any gaps and have easy reporting available in the event of an Office for Civil Rights audit or investigation.


As part of our Cyber Now Initiative, Clearwater has developed a new version of its popular ClearAdvantage® managed services program tailored to the unique needs and challenges of regional and critical access hospitals. ClearAdvantage is an outsourced cybersecurity and compliance program built, executed, and matured by Clearwater. This version of the ClearAdvantage program is aligned with the small and medium sub-practices of the 405(d) HICP practice guides.

ClearAdvantage® by Clearwater

Reach “mature, reasonable, and appropriate” faster while delivering expert care to your community.

Clearwater helps regional and critical access hospitals reduce the risk of adverse outcomes from cyber attacks and breaches and make better risk-informed decisions through our ClearAdvantage managed services program.

Designed to meet the specific needs and constraints of regional and critical access hospitals, ClearAdvantage is built to help you leverage the small and medium sub-practices of the 405(d) HICP framework as a recognized security practice so you can avoid cyber events, minimize impact and recover quickly when necessary, and deliver patient care with the confidence that you’re secure, compliant, and resilient.

Featured Experts

Our hospital experts bring decades of experience and tailored expertise to their work with your organization.

SME Highlight

Jackie Mattingly, Ph.D., CHPS, HCISPP, CHISL, CISSP

Jackie Mattingly is the Senior Director of Consulting Services for Small/Medium Hospitals at Clearwater. She brings Clearwater customers over 20 […]

Read More

SME Highlight

Dave Bailey, CISSP

Dave Bailey is Vice President of Security Services at Clearwater and leads the managed, professional, and consulting services for the […]

Read More

Who We Have Worked With

Contact us to learn more about Clearwater

Case Study

Recovering from a cyber incident, responding to the OCR, and building a cyber resilient posture for the future

CIO, Terri Ripley

A conversation with OrthoVirginia CIO, Terri Ripley “It was that Swiss cheese effect; the gaps all lined up perfectly,” says […]

Read More

Featured Resources

OCR’s Proposed HIPAA Security Rule Notice of Proposed Rulemaking

OCR’s Proposed HIPAA Security Rule Notice of Proposed Rulemaking

In Part 1 of this blog, I provide an overview of OCR’s proposed changes to the HIPAA Security Rule, some commentary on the background, rationale and the potential impact on healthcare, descriptions of key changes in definitions, and OCR’s broader themes. In Part 2, I will dive into specific proposed new or updated standards and implementation specifications and speculate on what may happen next.

With Us