April 2026 edition of CloudWave Connections
Hi friend,
Last week I had the privilege of moderating a panel at the AZ HIMSS West Coast Chapter event in Tempe, and the conversation did not disappoint. Three CISOs from different healthcare organizations sat down to talk through the proposed HIPAA Security Rule updates. What’s realistic, what’s not, and what keeps them up at night.
Here’s what stood out.
- The 72-Hour Recovery Requirement Is Ambitious to the Point of Crazy
- The Vendor Accountability Gap Is Real; They’re taking it personally
- Asset Inventory and Network Mapping: “We’ve Got This” (Do You Though?)
- Massive Costs, Zero New Funding
Jacob Wheeler
Sr. Solutions Architect
The Threat Landscape Has Changed — Your Security Risk Assessment Should Too
For years, many healthcare organizations approached the HIPAA Security Risk Assessment (SRA) as a regulatory requirement: document risks, update policies, and ensure the report is on file.
But healthcare cybersecurity has changed dramatically over the past decade. The threat landscape facing hospitals, rural providers, and senior living organizations today bears little resemblance to the environment that shaped many traditional assessment models. Read More
BlueOrange Compliance Joins MEDITECH Alliance Program
BlueOrange Compliance, a CloudWave company and a leader in healthcare cybersecurity, risk, and compliance services, today announced its approval as a MEDITECH Alliance Program Collaborator, expanding its ability to support MEDITECH hospitals and health systems with specialized security and regulatory expertise.
Threat Briefs for March
April 3
This edition covers active threat campaigns relevant to Healthcare and Technology sectors. One new campaign to be reported this week. The most critical ongoing threat remains the Iran-nexus Handala/UNC5203 wiper …
April 10
Three new campaigns to be reported this week. Key new entries this week: a DPRK-linked GitHub Actions supply chain campaign targeting healthcare CI/CD pipelines (CAMP.26.041), an active ransomware campaign by …
April 17
Three new campaigns to be reported this week, all sourced from Google Threat Intelligence (GTI). The most critical is the China-nexus exploitation of CVE-2026-1731 in BeyondTrust Remote Support (GLOBAL.26.004) — …
Read more in our Threat Intelligence Library
Blog: Practicing Visibility, Resilience, and Readiness in Healthcare IT
During a recent Cybersecurity Insider Program peer roundtable for healthcare security leaders, CloudWave’s CISO Ashini Surati, VP of Service Delivery Tony Rienzo, and Security and Operations Leader Richard Phung discussed what “good” looks like in the field today. Their roadmap for building operational maturity is summarized here.
Join our Cybersecurity Insider Program
We’re excited to relaunch CloudWave’s Cybersecurity Insider Program (CIP) — your exclusive gateway to the latest healthcare IT security insights and resources.
Register today to get these exclusive benefits:
- On-Demand Learning Library
- Exclusive Member Offers
- Early Access to Specialized Content
- CIP Roundtables, Webinars, & Events
Customer Programs
Monthly Customer CIO Roundtables
Virtual | Join our monthly meetings to exchange ideas with your peers and hear from CloudWave experts on timely topics in Healthcare IT and cybersecurity
Events & Webinars
MUSE Inspire Conference | May 19 – 22 | Hyatt Regency | Chicago, IL
Oregon HIMSS | May 28 | DoubleTree Lloyd Center | Portland, OR
NE HIMSS Annual Conference | June 4 | Four Points by Sheraton | Norwood, MA
NHA Rural Health Conference | June 8-10 | Younes Conference Ctr | North Kearney, NE
e-Health Conference | June 14-16 | Halifax Convention Ctr | Halifax, Nova Scotia
Product & Platform Updates
- Expanded CloudCare Support: Managed Patching is now available. Details →
- EDR Powered by SentinelOne: Simplify endpoint protection and visibility. Read More →
- Advance Authorization: Change order management made easy. Reach out to Customer Success to learn more→
- BlueOrange Compliance Elevates Cybersecurity with NIST CSF 2.0: Healthcare organizations continue to face rising cyber threats, tighter regulatory scrutiny, and increasing operational pressure. In this environment, a strong, future-ready cybersecurity and compliance posture is essential. That’s why BlueOrange Compliance is proud to announce our transition to the NIST Cybersecurity Framework (CSF) 2.0, fully integrated with NIST SP 800-53 Rev. 5 and NIST SP 800-66 Rev. 2. This upgrade replaces our previous assessment approach rooted in 800-53 Rev. 4 and 800-66 Rev. 1, offering a more comprehensive, modernized, and aligned path to security and HIPAA compliance. Read More →
Resources & Insights
- Recent Blogs – Expert perspectives on data protection, cybersecurity, compliance,and cloud strategy.
- Endpoint Detection & Response Digital Hub – Access resource guides, webinar recordings, blogs, and best practices.
- Tell Your Story – Help other healthcare organizations by sharing how you’ve overcome your technical and security challenges. Email Us →
Thank you for being part of our CloudWave customer community. We’re proud to support your mission to keep healthcare safe, connected, and resilient.
Stay tuned for next month’s issue!
— The CloudWave Team