Author: Alison Norfleet, Cisco

See original Blog

The past year, more than ever, has driven home the importance of cybersecurity in the healthcare industry. Between unprecedented adoption of telehealth capabilities to increased attacks on healthcare systems, network security is top-of-mind. Enter the new buzzword in healthcare: clinical zero trust

Clinical Zero Trust in Healthcare

Clinical zero trust is a cybersecurity philosophy that has grown to address the multi-faceted needs of healthcare. Taking the cornerstones of zero–trust ideas, this approach expands to encompass healthcare specific constraints including patient privacy concerns, connected – and unconnected – medical and IOT devices, and the explosion of virtual care.   

In a zero-trust environment, no person, device, or resource is considered secure. Networks are treated as perennially under attack and use a series of verifications to grant access to a specific user, at a specific time, to use a specific resource or functionality. This type of authentication has become increasingly necessary with the growth of the cloud and the proliferation of SaaS applications. More and more, legitimate users are accessing networks outside the traditional secure network and firewalls. This leaves systems vulnerable to attacks from compromised devices, viruses, and malicious actors.  

Implementing CZT

Clinical zero trust is no small undertaking. Healthcare systems are notoriously reliant on legacy systems that may not be compatible with this type of authentication – not to mention the plethora of medical devices that are either outdated, unconnected, or unaccounted for in any given facility. Add that verification can slow down or interrupt patient care and you have a recipe for strong clinician pushback and snail’s pace adoption. However, in an increasingly hostile online landscape, healthcare leadership needs to move toward this mindset to protect their data and reputations.    

So, how should healthcare systems start to approach clinical zero trust? The great thing is, overall, zero trust is a stance – not just a one-size fits all solution. IT leaders can work within their own systems or individual departments to define their own approach; one that will limit susceptibility without hindering virtual or in-person patient care. The goal is ensuring that all stakeholders understand and participate willingly in their role in securing health IT systems while not impeding care delivery. 

If you want to learn more about clinical zero trust, Cisco, Medigate, and ePlus have teamed up for a three-part series exploring best practices for healthcare IT’s hottest topic. Catch a replay of the March 10th discussion of Patient Safety, Care Enablement through Clinical Zero Trust on March 24th and then join us in April for two more enlightening discussions.