07/11/2025 | Press release | Distributed by Public on 07/11/2025 01:22
July 11, 2025
In healthcare, trust is foundational, but in cybersecurity, trust can be destructive. How a "zero trust" approach can resolve this paradox, protecting healthcare businesses and patients alike.
In 2024, ransomware hit healthcare hard: cyberattacks put more than 25.6 million patient records at risk, while the average ransom demand neared $6 million. With healthcare still a uniquely vulnerable and lucrative target, the attacks are sure to continue.
That vulnerability flows from the complexity of modern healthcare. Hospitals and providers deliver care through a vast array of systems and devices, each of them a portal to highly sensitive personal health information (PHI). At the same time, access needs are broad and varied, with vendors, doctors, remote clinicians and administrators all requiring access to that data in order to care for patients. Legacy security models based on implicit trust, flat networks and reactive defenses can no longer meet the moment. To stay ahead of the evolving cyber threat, healthcare organizations need to move toward proactive, risk-based frameworks. In short, they need zero trust.
Zero trust is a cybersecurity philosophy that treats every user, device, application and connection as untrusted until it has been authenticated, authorized and validated, and the validation must be continuous. In other words, zero trust assumes that no person, application, system, device, endpoint, etc., within or beyond the organization's network perimeter, should be automatically trusted.
Zero trust is a principle, not a product, and in healthcare it pays off at every operational pain point along the patient-care delivery chain. These include security gaps created by legacy infrastructure, the risks introduced by medical devices, and the regulatory complexity of handling sensitive patient information. The use cases below show how zero trust can be applied across the whole sweep of the healthcare continuum.
Ransomware remains one of the most pressing cybersecurity risks in healthcare. A single infection of malicious code can shut down emergency rooms, delay diagnoses, and force clinicians to fall back on manual processes.
This vulnerability stems from a mix of technical debt and operational complexity, including:
Zero trust won't eliminate ransomware, but when properly implemented it can significantly slow an attacker's progression and accelerate recovery, reducing operational and clinical impact. Here's how:
Identity- and device-aware access controls restrict access based on role, context and device posture, reducing initial exposure. Network segmentation and micro-segmentation ensure that breaches remain isolated, preventing spread to critical systems. Meanwhile, continuous telemetry and behavioral analytics flag anomalies early, enabling rapid, automated containment of compromised accounts or endpoints.
Zero trust enforces strict, role-based access to sensitive data, including personally identifiable information (PII), PHI, and other clinical records. Immutable backups and air-gapped storage protect recovery points from compromise. Granular restoration strategies enable staged, priority-based recovery to minimize care disruption. Regular recovery testing and robust business-continuity planning ensure these capabilities translate into real-world resilience when an incident does occur.
Understanding service dependencies (such as which apps support surgical scheduling, medication dispensing or ICU monitoring) is essential for orchestrating functional recovery. Just-in-time access provisioning can re-enable critical roles after an incident without introducing unnecessary privileges. Integrated incident-response playbooks connect zero trust policies with disaster recovery and business continuity (DR/BCP) processes, helping healthcare organizations close the loop between prevention and recovery.
Connected medical devices are indispensable to modern care delivery. They also make enticing targets and entry points for threat actors. Many are unmanaged, unpatchable, and lack even basic security controls. Most healthcare organizations don't maintain a complete, up-to-date inventory of these devices, much less real-time data on their health or risk posture. Worse, because even basic forensics or containment actions can disrupt patient care, incident response becomes especially complex.
Traditional endpoint security models aren't built for these challenges. But zero trust can be adapted to manage medical devices without compromising clinical workflows. Key components include:
Of course, security controls must always align with clinical realities. To avoid service disruptions, security teams need to collaborate with other parts of the organization to define acceptable communication patterns by device type, establish "safe isolation" protocols that protect availability, and align zero trust policies with existing clinical risk assessments and device procurement standards.
While AI introduces new risks, such as the ability to generate convincing phishing content, it can also strengthen security when layered into a mature zero trust architecture. Deployed properly, AI can enhance both proactive defense and an organization's ability to respond under pressure.
By their nature, AI and machine learning are adept at processing huge volumes of complex healthcare data across endpoints, networks, identities and applications. By using this data to establish behavioral baselines for users, devices and systems, AI can then detect subtle anomalies, such as a nurse accessing unusual patient records, or a diagnostic system exfiltrating data. It can also apply dynamic risk scoring at access points, factoring in context data such as time, location, device health, and historical patterns, to validate or deny access requests in real time.
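The identity- and device-aware access controls described earlier and the dynamic, context-based risk scoring described in this section can be combined in a single policy decision point. The following Python is an added example, not code from the original article or from any vendor named on the page; the role policy, weights, thresholds, user baselines and sample requests are all constructed assumptions for illustration. It shows a hard role-based gate followed by a scored evaluation of device posture, request context and deviation from a user's behavioral baseline, producing an allow, step-up or deny decision with the reasons attached for auditability.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed, hypothetical role policy: which PHI record types each role may read.
ROLE_PERMISSIONS = {
    "nurse": {"vitals", "medication_admin", "nursing_notes"},
    "physician": {"vitals", "medication_admin", "nursing_notes", "lab_results", "imaging"},
    "billing": {"demographics", "claims"},
}

# Assumed thresholds; a real deployment tunes these against its own telemetry.
STEP_UP_THRESHOLD = 30   # at or above: require re-authentication (e.g. MFA) before release
DENY_THRESHOLD = 60      # at or above: deny the request and raise an alert


@dataclass
class DevicePosture:
    managed: bool            # enrolled in endpoint management
    disk_encrypted: bool
    days_since_patch: int


@dataclass
class Baseline:
    """Per-user behavioral baseline (constructed by hand here; learned from telemetry in practice)."""
    usual_units: set         # wards/units this user normally works in
    usual_hours: range       # hours of the day this user normally works
    usual_records_per_hour: int


@dataclass
class AccessRequest:
    user: str
    role: str
    record_type: str
    patient_unit: str
    device: DevicePosture
    network: str             # "hospital_lan" | "vpn" | "public"
    when: datetime
    records_this_hour: int   # records the user has already read in the current hour


@dataclass
class Decision:
    outcome: str             # "allow" | "step_up" | "deny"
    score: int
    reasons: list


def evaluate(req: AccessRequest, baseline: Baseline) -> Decision:
    """Return an allow / step_up / deny decision plus the factors that produced it."""
    # 1. Role-based gate: not scored, a failure is an outright deny.
    if req.record_type not in ROLE_PERMISSIONS.get(req.role, set()):
        return Decision("deny", 100, [f"role '{req.role}' may not read '{req.record_type}'"])

    score, reasons = 0, []

    def add(points: int, why: str) -> None:
        nonlocal score
        score += points
        reasons.append(f"+{points} {why}")

    # 2. Device posture.
    if not req.device.managed:
        add(40, "unmanaged device")
    if not req.device.disk_encrypted:
        add(20, "disk not encrypted")
    if req.device.days_since_patch > 30:
        add(15, f"device unpatched for {req.device.days_since_patch} days")

    # 3. Request context (network and time of day).
    if req.network == "public":
        add(25, "request from public network")
    elif req.network == "vpn":
        add(10, "request over VPN")
    if req.when.hour not in baseline.usual_hours:
        add(15, f"access at {req.when.hour:02d}:00 is outside usual hours")

    # 4. Deviation from the user's behavioral baseline.
    if req.patient_unit not in baseline.usual_units:
        add(25, f"unit '{req.patient_unit}' is outside usual units")
    if req.records_this_hour > 2 * baseline.usual_records_per_hour:
        add(30, f"{req.records_this_hour} records this hour vs usual {baseline.usual_records_per_hour}")

    outcome = "deny" if score >= DENY_THRESHOLD else "step_up" if score >= STEP_UP_THRESHOLD else "allow"
    return Decision(outcome, score, reasons)


# Constructed sample baselines, devices and requests.
BASELINES = {
    "nurse01": Baseline({"icu"}, range(6, 21), 8),
    "dr02": Baseline({"icu", "cardiology"}, range(6, 21), 12),
    "bill03": Baseline({"billing_office"}, range(8, 18), 20),
}
GOOD_DEVICE = DevicePosture(managed=True, disk_encrypted=True, days_since_patch=3)
STALE_DEVICE = DevicePosture(managed=True, disk_encrypted=True, days_since_patch=45)
SAMPLE_REQUESTS = {
    "routine": AccessRequest("nurse01", "nurse", "vitals", "icu", GOOD_DEVICE, "hospital_lan", datetime(2025, 7, 11, 10, 0), 5),
    "bulk_offhours": AccessRequest("nurse01", "nurse", "vitals", "oncology", GOOD_DEVICE, "hospital_lan", datetime(2025, 7, 11, 3, 0), 40),
    "remote_stale": AccessRequest("dr02", "physician", "lab_results", "icu", STALE_DEVICE, "vpn", datetime(2025, 7, 11, 22, 0), 4),
    "wrong_role": AccessRequest("bill03", "billing", "lab_results", "icu", GOOD_DEVICE, "hospital_lan", datetime(2025, 7, 11, 10, 0), 2),
}


def decide_all() -> dict:
    """Evaluate every sample request against its user's baseline."""
    return {name: evaluate(req, BASELINES[req.user]) for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, d in decide_all().items():
        print(f"{name:14s} {d.outcome:8s} score={d.score:3d}  {'; '.join(d.reasons)}")
```

The role gate is deliberately kept outside the scoring so that a well-behaved device and a familiar context can never compensate for a role that has no business reading a record type. The returned reasons list is what a SOC analyst or an auditor would want to see next to each decision, and the step-up tier gives the policy a response short of denial for the ambiguous cases that are common in clinical work, such as a physician legitimately reviewing results from home.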
To realize AI's full potential in a zero-trust framework, its deployment must be deliberate, transparent and aligned with clinical imperatives, not just with security goals. In fact, zero trust should apply to AI itself: automated outputs should never be trusted implicitly. They must be subject to governance, auditability and, most important, oversight by human beings.
Zero trust isn't a product or a checkbox; it's a cultural shift. It demands coordination across cybersecurity, IT, clinical operations and executive leadership. While zero trust is broad in scope, implementation can only happen incrementally. Here are some practical steps to get organizations started on this journey:
Ultimately, zero trust offers a practical, risk-aligned path to stronger cybersecurity. By emphasizing identity, segmentation, continuous verification and resilience, healthcare organizations can reduce risk, protect operations and, paradoxically, build trust where it matters most: with patients.
AVP & Consulting Partner, Digital Health
Cybersecurity Strategy Leader
North America Markets Leader, Cybersecurity
Zero Trust Practice Lead, CMT Cybersecurity