CMMC and Health Care Organizations: Applicability, Risk, and Readiness

• April 03, 2026

The Cybersecurity Maturity Model Certification (CMMC) is gaining attention. Although CMMC originated within the Department of Defense, its reach is expanding into the health care ecosystem, often in ways that health care organizations don’t fully anticipate. Dave Bailey, Vice President of Consulting Solutions & Strategy, Clearwater, speaks with Jenifer McIntosh, Of Counsel, Stinson LLP, about when CMMC applies, how it differs from familiar health care compliance frameworks, and why third-party and supply chain risk are central to CMMC readiness. They also explore where health care organizations may be underestimating their CMMC exposure and what practical steps they can take to prepare. Sponsored by Clearwater.