Clearwater & CyberMDX Announce Partnership to Address Weak Link in ePHI Security Chain

Innovative Approach to Medical Device Security Helps Protect Patients from Cyber Threats


Nashville, Tennessee, November 28, 2018 – Clearwater Compliance and CyberMDX have entered into a partnership to simplify and automate the identification, inventorying, assessment and risk analysis of networked medical devices, using Clearwater’s IRM | Pro™ — an Enterprise Cyber Risk Management Software — and CyberMDX’s MDefend — a visibility and cybersecurity solution, powered by an AI and DPI engine, coupled with Clearwater’s professional services.

The CyberMDX-Clearwater joint delivery model creates the most comprehensive and robust enterprise cyber risk management solution available on the market at a time when growing internal and external security threats have made it increasingly difficult for healthcare organizations to protect their sensitive information, including patients’ personal health information (CHIME HealthCare’s Most Wired: National Trends 2018).

“One of the weakest links within clinical networks is also their most critical asset: their connected medical devices,” said CyberMDX Co-Founder and CEO Amir Magner. “Healthcare providers rely on connected medical devices for their clinical workflows and life-saving treatments, but unlike other IT assets, connected medical devices are extremely vulnerable and often poorly managed. Organizations struggle to do a true, enterprise, OCR-quality risk analysis — one that includes an information asset audit and that evaluates all ePHI assets and the specific threats and vulnerabilities that are applicable to those devices.”

Clearwater CEO Steve Cagle said connected medical devices and other IoT integrated devices or equipment are not just a technology risk but a patient safety risk and a risk to business.

“The truth is, if you don’t know where your devices are, you can’t secure them, and until recently there weren’t good or efficient ways of getting that information,” Cagle said. “Until now, it’s also been difficult to categorize the different groups of like devices to make the risk analysis process more manageable. It’s a tremendous challenge for the industry, and we are pleased to partner with CyberMDX to deliver a best-in-class solution.”

With the CyberMDX-Clearwater joint delivery model, healthcare provider organizations can do in a few hours what has historically taken weeks or months to accomplish. CyberMDX’s unique technology identifies in real-time medical device profile information, which is used by Clearwater to identify like devices from a risk perspective. As a recent deployment for a large Integrated Delivery Network provider showed, the solution was able to condense about 30,000 connected medical devices into about 300 groups by putting them into appropriate classifications and groupings, allowing for a much more manageable risk analysis and ongoing identification, assessment, detection and automatic micro-segmentation of all medical and clinical assets.

Tailored to meet the demanding and unique cybersecurity and HIPAA compliance needs of clinical networks and protocols, CyberMDX’s solution provides an automatic and continuous discovery and profiling solution that is easily deployed, fully scalable and built for large distributed networks.

Clearwater’s  IRM | Analysis™ software utilizes the resulting inventory and Clearwater’s proprietary algorithms to facilitate an OCR-Quality Security Risk Analysis on the medical devices, as well as to implement and document remediation actions. The result is a complete risk analysis and risk response solution that complies with HIPAA requirements and can be used to satisfy information requests from the Office For Civil Rights (OCR). 

“From everything we are seeing with our customers, medical devices are one of their weakest links in the security chain and their greatest concern,” Clearwater’s Cagle said. “In a recent webinar presented by Clearwater and CyberMDX fewer than 18% of attendees stated that they had a comprehensive medical device security program in place.

A compromise of medical devices can have devastating effects for a healthcare provider, including:

About CyberMDX

CyberMDX is an IOT security leader dedicated to protecting the quality care of health delivery worldwide. CyberMDX provides cloud-based cybersecurity solutions that support the advancement of The Internet of Medical Things. The CyberMDX solution identifies endpoints and assesses vulnerabilities to detect, respond to, and prevent cyber incidents. Deployed worldwide, CyberMDX is designed to integrate with our customers’ existing environments through its scalable, easy-to-deploy and agentless solution.