Clearwater Compliance Partners with NIST on Guide to Meet Critical Cybersecurity Needs for Healthcare Sector


NASHVILLE, TN – May 18, 2017 — Clearwater Compliance, a leading healthcare cybersecurity company, has been working closely with the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) on a cybersecurity project for the healthcare sector. As part of this collaboration, NIST has released a draft practice guide, titled NIST SP 1800-8, Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, to demonstrate how healthcare delivery organizations can use best practices along with standards-based, commercially available cybersecurity technologies to better protect their wireless infusion pump ecosystem.

The guide explores methods that healthcare delivery organizations (HDOs) can use to address assets, threats, and vulnerabilities by completing a NIST-based risk assessment to the pump ecosystem, with the aim of creating defense-in-depth protection against threat sources and threat events. The guide also maps security characteristics to standards, guidance, and best practices from NIST, other standards organizations, and the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

“Collaborating with stakeholders such as members of industry, technology providers, and integrators to produce viable cybersecurity solutions is key to the NCCoE’s success,” said Gavin O’Brien, Computer Scientist at NIST. “The Wireless Infusion Pump practice guide is another successful example of how these stakeholders engage with NCCoE to produce solutions to real world problems that can be adopted to reduce the level of risk for owners and operators in the healthcare sector.”

The NCCoE is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges.

Reducing cybersecurity risk, developing and executing in-depth cybersecurity strategies and offering best practices for healthcare organizations especially as it applies so directly to patient safety issues is critical to Clearwater’s mission, said Bob Chaput, CEO of Clearwater Compliance. “We are honored to collaborate with NIST on a guide that improves the awareness as cybersecurity has rapidly evolved to become a patient safety, and therefore, a significant business risk management issue for HDOs.”

The draft is available for download on the NCCoE website.

About Clearwater Compliance
Clearwater Compliance, LLC is a leading provider of healthcare compliance and cyber risk management solutions. Its mission is to empower hospitals and health systems to successfully manage healthcare’s evolving cybersecurity risks and ensure patient safety. Exclusively endorsed by the American Hospital Association, Clearwater solutions have been deployed within hundreds of hospitals and health systems, Fortune 100 organizations and federal government institutions. Clearwater’s award-winning solutions have earned the trust of many of today’s largest and most prestigious hospitals by consistently delivering innovative solutions that address today’s evolving cyber threats. More information about Clearwater Compliance is at clearwatercompliance.com.

About the National Cybersecurity Center of Excellence (NCCoE)
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges. Working with technology partners from Fortune 500 market leaders to smaller companies specializing in IT security the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cyber Security Framework and details the steps needed for another entity to recreate the example solution. The NCCoE was established in 2012 by NIST in partnership with the state of Maryland and Montgomery County, Md. Information is available at: nccoe.nist.gov.

Contact
Kelly Motley
615.483.0365
kelly.motley@Clearwatercompliance.com