25m Health taps Clearwater for scalable cyber compliance program

Deployed across venture platform 25madison's health tech innovator, the new program establishes baseline target profiles for health tech portfolio companies with the NIST Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practices.
By Andrea Fox
11:11 AM

Credit: Yuichiro Chino/Getty Images

Clearwater announced Thursday that it is developing a repeatable and scalable cybersecurity and compliance program for the 25m Health Fund to deploy across the organization's portfolio companies.

WHY IT MATTERS

Clearwater said in an announcement Thursday that through the partnership 25m Health is providing its portfolio companies with a cost-effective solution for building the cybersecurity and compliance capabilities needed to compete in the healthcare marketplace.

Ryan Macy, 25m Health’s head of engineering, said in a statement that digital health startups need a cybersecurity and compliance platform that can "easily scale as they grow within Lifepoint and beyond."

25m Health, founded in 2021 as a joint venture between Lifepoint Health, 25madison and Apollo Global Management, has invested in several digital health start-ups including Eon and M7 Health. Eon offers artificial intelligence-driven screening patient management software that surpassed the 1,000,000 patients impacted mark last May. M7 Health, which offers a nurse staffing and insights platform, took the grand prize in the 2023 Harvard Business School Alumni New Venture Competition Alumni New Venture Competition.

Scion Health also announced Thursday that it has partnered with M7 to enhance its nursing staff experiences and improve nurse retention. 

Clearwater said key services provided to 25m Health companies include:

  • Establishing baseline target profiles for portfolio companies using the NIST Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practices.
  • Virtual chief information security officer support and advisory services.
  • Program governance.
  • Cloud security assessments.
  • Hardening guidance for the tech stack.
  • Portfolio monitoring and reporting.

THE LARGER TREND

The key cyber resilience tools – the National Institute for Standards and Technology’s Cybersecurity Framework and the 405(d) Health Industry Cybersecurity Practice – are designed to help the critical healthcare sector prevent cybersecurity incidents, which are an issue of national concern.

However, even the most well-resourced tech companies – like Optum – fall victim to rampant cyberattacks.

Wednesday, Optum's Change Healthcare, one of the largest prescription providers in the United States handling 15 billion healthcare transactions annually, began experiencing a cyber incident. Out of concern for widespread impact, the American Hospital Association has advised its member hospitals to disconnect from Optum until the danger passes.

Mature health companies and healthcare organizations, as well as digital health tech startups that enter the space, have a lot of privacy and security challenges to navigate and rely on industry best practices to comply with government data and system security requirements. Last year, according to the Health Sector Coordinating Council Cybersecurity Working Group, it joined NIST and other partners to launch an updated Cybersecurity Framework Implementation Guide as a combined cyber resilience roadmap for healthcare

ON THE RECORD

"Strong cybersecurity and compliance capabilities are a business imperative for any company developing technology for the healthcare industry," Macy said in a statement. "With minimal disruption to founders and their teams, we’re proactively meeting the needs of healthcare providers who expect technologies being deployed within their organization to achieve the highest standards with respect to cybersecurity and compliance."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.