2 min read

How zero-trust security strategies are reshaping the healthcare sector

Featured Image

In NIST SP 800-207, The National Institute of Standards and Technology (NIST) defines zero trust (ZT) as “a new model for cybersecurity” where a Zero Trust architecture (ZTA) is an enterprise cybersecurity architecture that is based on zero trust principles and designed to prevent data breaches and limit internal lateral movement.” One fundamental tenet is that the enterprise must assume no implicit trust and continually analyze and evaluate the risks, and then enact protections to mitigate them.

While organizations in every industry are making security fortification a core focus right now, the healthcare sector in particular must always remain ever so vigilant. It’s easy to see why:

  • Medical records contain protected health information (PHI).
  • Healthcare organizations and covered entities are legally required to protect PHI under HIPAA (Health Insurance Portability & Accountability Act).
  • Data breaches involving unauthorized access to PHI carry severe financial penalties.

These factors make healthcare organizations high value targets for the many and growing threat actors who seek to capture this sensitive information and hold it hostage as part of a ransomware attack.

Simply put, you can never be too careful, and you must always be mindful of risks. There’s no such thing as too much caution when it comes to authenticating users and ensuring that data never slips into unauthorized hands. This, of course, is the principle behind zero trust.

What does zero trust entail?

Zero trust has been a buzzword in the security space for a while now, but in healthcare, it’s much more than just buzz. There’s a tangible multi-step process that goes into establishing a zero-trust model with healthcare data. According to Forrester, this process includes:

Explicitly verifying the identity of every single user that accesses sensitive data including PHI.
Using a “least privilege” approach to data accessibility where each user is granted only the access needed based on policy, work role, etc.
Adopting an “assume breach” philosophy, whereby IT is always wary of potential data breaches and ready to remediate them.

Establishing a zero-trust policy is challenging, though. That’s always been the case, but it’s especially true now, as so many employees (and patients!) are operating remotely. This means their devices are remote as well, and they’re often unmanaged. It’s a challenge for healthcare organizations to bring all those devices and all those endpoints together into one secure ecosystem that IT can oversee effectively.

Getting started with zero trust

The first step to establishing a zero-trust model is to get complete visibility into your connected devices. This includes not only the desktops, laptops, and smartphones that your employees are using, but also a wide range of connected medical, IoMT, and IoT devices in use throughout clinical departments. Beyond simple visibility, zero trust also requires getting buy-in from stakeholders and ensuring that your entire team is on board with your organization’s security plans.

A great way to get started is with Cisco security solutions. With Cisco’s Secure Access by Duo in your toolbox, you can ensure that only the right users and secure devices are able to access your applications and data. You can protect your healthcare organization against the likelihood of phishing, compromised credentials, ransomware, and other cybersecurity threats.

The conventional methods of securing healthcare organizations are insufficient and inadequate. Employees and patients alike are too remote and unmanaged, and the number and sophistication of cyberthreats out there continue to grow. That’s why our team at Zones – alongside our fantastic security partners like Cisco – are working to help you adapt and continuously monitor your security strategies so you can mitigate threats now and in the future.

To start crafting a zero-trust strategy for the health of your organization, read our eBook. We know what it takes to lead you forward and keep you on top of things in this ever-changing security world.

Download eBook »

Remote work can bolster your bottom line – if you have the right IT

According to the old conventional wisdom, the best way to invest in your business was to dedicate resources to workplace modernization. Better office...

Read More

Logitech and Zones are teaming up to make remote work easy

It’s become clear in recent years that workplace modernization is the key to driving business resiliency. If you give people the latest and best...

Read More

Automation is bringing greater efficiency to the retail industry

In the retail industry, IT leaders have long had a focus on workplace modernization. After all, when you implement better technology in retail,...

Read More