25m Health turns to Clearwater for a scalable cyber compliance program

Health
By Liam

Clearwater announced Thursday that it is developing a repeatable and scalable cybersecurity and compliance program for its 25 millionth Health Fund, which can be deployed across the organization’s portfolio companies.

WHY IT MATTERS

Clearwater said in an announcement Thursday that through the partnership, 25m Health will provide its portfolio companies with a cost-effective solution for building the cybersecurity and compliance capabilities needed to compete in the healthcare market.

Ryan Macy, chief engineering officer at 25m Health, said in a statement that digital health startups need a cybersecurity and compliance platform that can “easily scale as they grow within Lifepoint and beyond.”

Founded in 2021 as a joint venture between Lifepoint Health, 25madison and Apollo Global Management, 25m Health has invested in several digital health startups, including Eon and M7 Health. Eon offers artificial intelligence-based screening patient management software surpassed the mark of 1,000,000 affected patients last May, while M7 Health, which provides a nursing workforce and insights platform, made the move Grand prize in the Harvard Business School Alumni New Venture Competition 2023 Alumni New Venture Competition.

Scion Health also announced this was the case on Thursday together with M7 to improve nursing staff experiences and improve nurse retention.

Clearwater said the key services provided to 25 million healthcare companies include:

  • Establishing Basic Target Profiles for Portfolio Companies Using the NIST Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practices
  • Support and consulting services for virtual Chief Information Security Officers
  • Program management
  • Cloud security reviews
  • Hardening guidelines for the tech stack
  • Portfolio monitoring and reporting

THE BIG TREND

Key cyber resilience tools – the National Institute for Standards and Technology’s Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practice – are designed to help the critical healthcare industry prevent cybersecurity incidents that are a matter of national importance.

But even the most well-resourced tech companies – like Optum – fall victim to rampant cyber attacks.

On Wednesday, Optum’s Change Healthcare, one of the largest prescription providers in the United States that handles 15 billion healthcare transactions annually, suffered a cyber incident. Out of concern about the widespread impact, the American Hospital Association has advised its member hospitals to disconnect from Optum until the danger passes.

Mature healthcare companies and healthcare organizations, as well as digital healthcare technology startups entering this space, face many privacy and security challenges and rely on industry best practices to meet industry requirements of government data and system security. According to the Health Sector Coordinating Council’s Cybersecurity Working Group, it launched an updated Cybersecurity Framework Implementation Guide last year with NIST and other partners as a combined cyber resilience roadmap for healthcare.

ON THE RECORD

“Strong cybersecurity and compliance capabilities are a business imperative for any company developing healthcare technology,” Macy said in a statement. “With minimal disruption to the founders and their teams, we are proactively meeting the needs of healthcare providers who expect technologies deployed within their organizations to achieve the highest standards in cybersecurity and compliance.”

Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.

You might also like More from author