Clearwater

Service NOW Exploited Vulnerability Alert Critical vulnerabilities are being exploited in SNOW instances with input validation flaws that could allow unauthenticated attackers remote code execution in the context of ServiceNow’s platform. Healthcare organizations with SNOW instances should take action. Login into the main console, select the ALL section, and search for the Stats section, within this view, there will be options to identify which build they are on and take actions to update their instances. ServiceNow announced patches for the security defects, tracked as CVE-2024-4879 (CVSS score of 9.3) and CVE-2024-5217 (CVSS score of 9.2), on July 10. A third bug, CVE-2024-5178 (CVSS score of 6.9), was also resolved in the platform. Researchers have seen threat actors actively targeting vulnerable ServiceNow instances for reconnaissance, in addition to communications on actors seeking compromised access to IT service desks, corporate portals, and other enterprise systems that typically provide remote access to employees and contractors. Please take action and validate that your instances have been updated.

We're excited to feature Dave Duclos, Director and Deputy CISO – ITSEC/Cybersecurity at Christus Health, in our upcoming webinar, "Healthcare and the DoD: Preparing for CMMC Compliance," next week on July 31 at 12:00 CST. Dave has tackled CMMC head-on and will share Christus Health's (a US Family Health Plan organization) story, unique best practices, and valuable lessons learned to help other healthcare organizations get started with CMMC. If your organization is a current or prospective DoD contractor and works with ePHI, it's time to prepare for Cybersecurity Maturity Model Certification (CMMC)! #Healthcare #Cybersecurity #CMMC #DoD #Compliance #Webinar

Research shows that 89% of ePHI-related enforcement actions by the Office for Civil Rights resulted from a failure to conduct a risk analysis properly. Join our OCR-Quality® Risk Analysis Working Lab starting August 7 and learn from our experts how to do it right. Register here: https://hubs.li/Q02HN-8Y0

A report released Monday by the HHS Office of Inspector General criticizes the agency's cloud inventory process, worker skills and cybersecurity control weaknesses, such as a lack of multifactor authentication for privileged accounts and web traffic encryption for one remote server. The report says HHS "may potentially be at a risk of compromise." As Steve Akers, Clearwater Corporate CISO and CTO for our Managed Security Services team, notes in a Information Security Media Group (ISMG) story by Marianne McGee, the issues raised by the inspector general, such as the danger of default configurations on unmanaged servers - and deviation from HHS policies and National Institute of Standards and Technology guidelines - are a common problem at nearly all healthcare-related organizations. "Organizations assume that the cloud provider is performing all the necessary things to ensure security and compliance for their environment, which far too often is not the case," Akers said. As the audit found, a common mistake that many organizations make is trying to leverage their internal IT teams to manage and maintain a cloud environment, Akers added. That "often means those teams are not familiar with the intricacies of managing a cloud environment," he said. Read more here: https://hubs.li/Q02HM-fN0 #healthcarecybersecurity #cloudsecurity

Since our founding more than 15 years ago, Clearwater has been focused on moving healthcare organizations to a more secure, compliant, and resilient state so they can achieve their mission. It’s gratifying to hear our clients affirm the value of our healthcare focus, as this CISO recently did in a conversation with KLAS Research: “Clearwater is designed for healthcare. They understand healthcare at different scales, and we have had an effective partnership.” -CISO, KLAS acquired client feedback Learn more about how our deep understanding of the industry drives value for organizations across the healthcare ecosystem: https://hubs.li/Q02Hn7_T0

As Steve Cagle, MBA, HCISPP, CHISL notes in this Fierce Healthcare story, the healthcare cybersecurity bill introduced in the Senate on July 11 is redundant with actions already being taken to ensure healthcare organizations have effective cybersecurity practices in place. Read more of Steve's perspective here: https://hubs.li/Q02HK02G0 #healthcarecybersecurity

Notice: A New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints. Microsoft has released an updated recovery tool with two repair options to help IT admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: https://hubs.li/Q02HsnhD0. Microsoft has provided a post with details on using this recovery tool https://hubs.li/Q02HsrhH0. For healthcare organizations, if you need assistance please feel free to contact Clearwater.

Today, we announced the integration of the Payment Card Industry Data Security Standard (PCI DSS) and National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0 into our IRM|Performance™ SaaS solution introduced earlier this year. Key benefits of IRM|Performance include: Improved Security Posture: Inclusion of key frameworks provides robust tools and resources to help organizations identify, assess, and mitigate cybersecurity risks, bolstering their overall security infrastructure. Holistic View of Risk and Cybersecurity Maturity: Combining assessments like NIST CSF Maturity Assessments and Information Asset-Level Risk Analyses in a single platform gives users visibility to their complete cybersecurity program maturity and cyber risk profile, identifies and prioritizes gaps that need remediation, and offers analytics to demonstrate risk reduction and maturity over time. Streamlined Processes: Cross-mapping between compliance and security frameworks reduces duplication across assessments and powers efficiency so security leaders can gain visibility into their cybersecurity posture, risks, and vulnerabilities more quickly and expedite the implementation of controls and improvement strategies. With these latest enhancements, Clearwater continues to lead the healthcare industry in delivering innovative, high-quality services and solutions that address the complex challenges of cybersecurity and compliance. Learn more here: https://hubs.li/Q02HqVZr0

Thank you to Susanna Vogel and Emily Olsen from Healthcare Dive for their thorough reporting on the impact of the CrowdStrike outage on U.S. hospitals. As Clearwater CEO Steve Cagle, MBA, HCISPP, CHISL notes in the story, bad actors posing as CrowdStrike support remain a concern. #healthcarecybersecurity https://hubs.li/Q02HkCwY0

Fake CrowdStrike Support Alert Be aware that malicious actors are taking advantage of the CrowdStrike situation and are posing as CrowdStrike support reaching out and offering assistance in restoring systems. CrowdStrike has confirmed that the widespread issue negatively impacting organizations and Window systems is not a cyberattack but was caused by a botched update. We also suspect that these actions are similar to the BazaCall tactic. This is when a fake call center answers an inbound call and then proceeds to encourage a visit to a website or form to drive malware on targeted networks. Be aware of outreach and of websites and services offering assistance you are not familiar with. If your healthcare organization needs assistance we are here to help, Clearwater Security can review and address your risk.