Clearwater

Threat Monitoring for Potential Oracle Cloud Breach - what we currently know. Samples of allegedly stolen info from Oracle Cloud are open for sale, touting 6 million records extracted from Oracle Cloud's SSO and LDAP on March 21, 2025. The threat actor claims to have gained access by hacking the login endpoint. Clearwater is actively monitoring this supply-chain threat and assessing all updates on this situation. As of this post, Oracle denies any compromise. Our recommendation is to take precautions against any leaked passwords with the following: - For all users, ensure the passwords, keys, secrets, and hash values associated with Oracle Cloud Apps are immediately changed - This includes updating SSO and any LDAP integrations - Any access to Oracle Cloud Apps should have MFA enabled Clearwater's Security Operations Center (SOC) will continue assessing the situation and monitoring for updates. If you are a healthcare organization and need assistance with managing the potential risk of this threat or guidance on the recommendations, please contact us.

Understanding the Quantum Threat in Healthcare: Are You Prepared? As the healthcare sector continues to evolve, it faces a unique set of challenges, not least of which is the impending shift to quantum computing. This technological leap holds great promise but also significant risk, particularly in the realm of cybersecurity. Our latest blog post delves into what "Quantum Day" means for healthcare organizations and explores the critical steps needed to prepare for a future where quantum computing could potentially render current encryption methods obsolete. Whether you're a healthcare provider, an IT professional, or someone interested in the future of healthcare security, this article provides a thoughtful examination of how quantum computing will impact the industry. Read the full blog here- https://hubs.li/Q03cV2XR0

We were thrilled to participate in the Moffitt Innovation Summit as part of the CancerX Accelerator program. The event was a remarkable showcase of dedication and innovation, and we are excited to be part of this initiative. As we continue our work with CancerX, we look forward to contributing our expertise and learning from our peers to advance cancer care in a secure environment. Our participation in these events is a vital part of our efforts to support and educate the community on best practices in cybersecurity and privacy. Stay tuned for more as we forge ahead in this important partnership, making strides together in the fight against cancer! ??Check out the amazing highlights and key themes from the event below:

Threat Alert: Reviewdog tj-actions/changed-files GitHub Action is a newly declared a known exploited vulnerability (KEV) by CISA Infected actions insert malicious code into any CI/CD workflows using it and to expose secrets from repositories running the workflow in logs. The issue impacts only one tag (v1) of reviewdog/action-setup. The group maintaining this code acknowledged that a personal access token was compromised leading to the malicious alteration of this code. It's recommended that you audit past workflows for suspicious activity, rotate any leaked secrets, and pin all GitHub Actions to specific commit hashes instead of version tags. If your focus is developing for healthcare organizations Clearwater can help identify application weakness and assess code risks. Please contact us if you would like assistance.

?? That a wrap on the 14th Annual Summit of the The Association of Dental Support Organizations (ADSO) in San Diego – Dentistry's Main Event! We were truly inspired by the wave of innovation sweeping through the dental services and oral health sector. The Summit presented numerous opportunities to enhance how we deliver and manage care. Clearwater is committed to supporting DSOs in their growth and scaling efforts, ensuring the integration of new technologies remains secure and compliant with industry regulations. Missed us at the Summit? We invite you to explore our cyber risk benchmark trend report, offering valuable insights into how the dental services sector is performing in cybersecurity relative to industry standards. ?? Explore the Report - https://hubs.li/Q03cB2CR0 #ADSOSummit25

Clearwater's March Cyber Briefing Replay is Available! Ransomware Attacks on Healthcare grew from mid January to mid February. Our latest Monthly Cyber Briefing examines these attacks and what you should be on the lookout for. Highlights include: -Approximately 35 ransomware attacks targeted the healthcare sector between January and mid February -Groups like Inc Ransom, Clock Ransomware, and Medusa have significantly ramped up their activities, exploiting vulnerabilities in remote access systems and file transfer software. -Exploitation of known vulnerabilities continues. These attacks leverage weaknesses in systems that despite being patched, continue to be vulnerable to bypass tactics. This has been particularly problematic with technologies that are pivotal to many healthcare operations. This briefing is essential for anyone in the healthcare industry looking to stay ahead of recent threats. Check out more in-depth discussions in our replay. ?? Watch the Full Briefing Replay -https://hubs.li/Q03cxmgm0 ?? Subscribe to our LinkedIn Newsletter for a monthly recap-https://hubs.li/Q03cxn6L0

Clearwater Joins Forces with CancerX to Enhance Cybersecurity in Oncology. We are excited to announce that Clearwater has become the first member company and accelerator champion of CancerX focused on advancing strong cybersecurity and data privacy practices in the fight against cancer. CancerX is a pioneering public-private partnership hosted by Moffitt Cancer Center. This collaboration is part of our ongoing commitment to drive organizations across the healthcare ecosystem toward a more secure, compliant, and resilient state, enabling them to better fulfill their mission. CancerX, launched under the InnovationX initiative in 2018, is designed to accelerate innovation in the fight against cancer. In partnership with the the Office of the National Coordinator for Health Information Technology (ONC) and the Office of the Assistant Secretary for Health (OASH), CancerX has been at the forefront of creating digital solutions that improve cancer care coordination and communication, develop new software technologies, and support post-treatment care for patients. As a CancerX Champion, Clearwater will contribute our deep expertise in cybersecurity and privacy, helping to ensure that the critical innovations developed by CancerX can proceed without the threats posed by data breaches and cyber-attacks. Our role highlights the growing need for robust cybersecurity measures as a cornerstone of modern healthcare innovation. We are proud to support this initiative, which aligns perfectly with our mission to advance healthcare security. Learn more about CancerX and our involvement-https://lnkd.in/e2BHC9F4

New Edition: Healthcare’s Monthly Cyber Briefing Newsletter The cyber threat landscape in healthcare continues to evolve—are you keeping up? In this month’s edition, we cover: ?? Trending threats targeting hospitals and health systems in the last 30 days ?? Recent cyber incidents and key takeaways/recommendations ?? Regulatory updates shaping cybersecurity strategies Our insights come straight from Clearwater’s Monthly Cyber Briefing Webinars, where CEO Steve Cagle, MBA, HCISPP, CHISL, CDH-E breaks down what healthcare leaders need to know. Subscribe today to receive your edition each month!

Earlier this week, ECRI published its annual list of top patient safety threats. Cybersecurity breaches are prominent on the list at #4, but of even greater concern per ECRI, is insufficient governance of AI which checks in at #2: https://hubs.li/Q03bT8tX0 We were very proud to have our Chief Risk Officer and Head of Consulting Services Jon Moore MS, JD, HCISPP author the toolbook AI Governance and Strategy Alignment: Empowering Effective Decision Making, published by The Governance Institute last April. Here's an excerpt from the toolbook where Jon provides a quick guide to developing an AI use policy: https://hubs.li/Q03bT6J20 Is AI governance a concern for your organization? Reach out to us with your questions at [email protected]. #AI #PSAW25

We are thrilled to participate in the Virtual National HIPAA Summit happening March 25-28, 2025. This event brings together top professionals and thought leaders in healthcare compliance, cybersecurity, and privacy to tackle the most pressing issues in the industry today. Clearwater experts Steve Cagle, MBA, HCISPP, CHISL, CDH-E, Jon Moore MS, JD, HCISPP, and Dawn Morgenstern, MBA, CHPC, CCSFP will be speaking during the following sessions: Cybersecurity Leaders Panel: Protecting Patient Safety and Building Resiliency in a Rapidly Changing Environment Date: Wednesday, March 26 | Time: 4:15 PM EST Mini Summit 19: The OCR Risk Analysis Enforcement Initiative: A Matter of Compliance and Security Date: Thursday, March 27 | Time: 10:00 AM EST Mini Summit 21: Five Commonly Overlooked Cybersecurity Practices in Fast Growth Medical Groups Date: Thursday, March 27 | Time: 10:50 AM EST Mini Summit 22: Navigating the Rapidly Evolving Information Blocking Regulatory Environment Date: Thursday, March 27 | Time: 10:50 AM EST Learn more about the event here: https://hubs.ly/Q03bT56J0 #HIPAA #healthcarecybersecurity