Cybersecurity July 2025 9 min read

Zero Trust Architecture in Healthcare: Why Perimeter Security Is Not Enough

Perimeter-based security cannot protect modern healthcare networks. Zero trust offers a more durable model — here is what it means in a clinical context.

The traditional model of network security — build a strong perimeter, trust everything inside it — has always had limitations. In healthcare, those limitations are now critical vulnerabilities. Clinical networks extend into patient homes through telehealth platforms, into medical devices that communicate with cloud services, into third-party vendors with remote access for device maintenance, and into personal devices used by clinical staff. The perimeter has dissolved, and with it the foundational assumption of traditional security architecture.

Zero trust is the security model designed for this environment. It replaces implicit trust based on network location with continuous verification of every access request, regardless of where it originates.

What Zero Trust Means

Zero trust is built on a simple principle: never trust, always verify. No user, device, or application is trusted by default — not even those on the internal network. Every access request must be authenticated, authorised based on context (who is requesting, from what device, what time, what location, what they are trying to access), and continuously evaluated rather than validated once at login.

The model was articulated formally by Forrester Research and adopted as official US federal cybersecurity guidance through NIST SP 800-207 and the Biden administration's 2021 Executive Order on Improving the Nation's Cybersecurity. It is now widely regarded as the appropriate security architecture for complex, distributed environments.

Zero trust is not a product. It is an architecture — a set of principles that guide how identity, devices, networks, applications, and data are managed and protected. Implementing zero trust involves changes to multiple technology domains and, as importantly, to how access decisions are made and governed.

Why Perimeter Security Fails in Healthcare

Remote Access

Clinical staff, administrators, and third-party vendors regularly access healthcare systems from outside the traditional network perimeter — through VPNs, remote desktop gateways, and web-based portals. VPN architectures typically grant wide network access once authenticated, meaning a compromised credential provides broad lateral movement capability. Perimeter controls offer nothing once an attacker is authenticated through a legitimate VPN.

Medical Devices and IoMT

Medical devices communicate with internal and cloud systems in ways that cross network boundaries continuously. Many devices have limited authentication capabilities and cannot participate in traditional network access control schemes. Treating these devices as implicitly trusted because they are on the clinical network is a dangerous assumption when device firmware may be unpatched and default credentials are common.

Third-Party Access

Vendor remote access for device servicing, application support, and managed services introduces connections from networks entirely outside the organisation's control. Perimeter security models have limited visibility into what these sessions do once authenticated.

Credential Compromise

The majority of healthcare breaches involve compromised credentials. Perimeter security offers no protection against an attacker using a legitimate credential acquired through phishing, credential stuffing, or dark web purchase. Once authenticated, a legitimate credential inside the perimeter is typically trusted everywhere.

Zero Trust Principles Applied to Healthcare

Verify Identity Explicitly

All access to healthcare systems should require strong authentication. Multi-factor authentication is the minimum standard for all remote access and privileged accounts. Phishing-resistant MFA (hardware tokens, passkeys) should be prioritised for high-value accounts — executives, system administrators, privileged clinical users.

Identity governance — maintaining accurate records of who has access to what, ensuring access is appropriate to current role, and promptly revoking access when roles change or staff depart — is the operational complement to technical authentication controls.

Use Least-Privilege Access

Users should have access only to the data and systems required for their current role and current task. In healthcare, this means EHR access profiles tied to clinical role (a nurse does not need access to records outside their unit; a billing clerk does not need access to clinical notes). Just-in-time access models, where administrative privileges are granted only for the duration of a specific task, reduce the exposure window for high-risk access.
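As an added illustration (not the page's or FZ Consulting's code) of the context-based, continuously re-evaluated decision described under "What Zero Trust Means" and the role-scoped and just-in-time access described here, the Python below encodes a small policy decision function. The role map, unit names, field names and the requirement that administrative actions use a phishing-resistant factor are assumptions for the example, not taken from any real EHR.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
# Constructed role map (assumed, not from a real EHR): record types a role may read.
ROLE_PERMISSIONS = {"nurse": {"patient_record"}, "billing_clerk": {"billing_record"}}

@dataclass
class Request:
    user: str
    role: str
    unit: str             # unit the user is rostered to right now
    managed_device: bool  # endpoint meets the security baseline
    strong_mfa: bool      # phishing-resistant factor used for this session
    resource: str         # "patient_record", "billing_record", or an admin target
    resource_unit: str    # unit that owns the record ("" for admin targets)
    action: str           # "read" or "admin"
    at: datetime

@dataclass
class JitGrant:
    user: str
    scope: str
    expires: datetime

def decide(req: Request, grants: list) -> tuple:
    """Re-evaluated on every request: nothing is cached from login."""
    if not req.managed_device:
        return False, "unmanaged device"
    if req.action == "admin":
        if not req.strong_mfa:
            return False, "admin requires phishing-resistant MFA"
        active = any(g.user == req.user and g.scope == req.resource and req.at < g.expires for g in grants)
        return (True, "active just-in-time grant") if active else (False, "no active just-in-time grant")
    if req.resource not in ROLE_PERMISSIONS.get(req.role, set()):
        return False, f"role {req.role} may not read {req.resource}"
    if req.resource == "patient_record" and req.resource_unit != req.unit:
        return False, "record belongs to another unit"
    return True, "role-scoped read"

def evaluate_examples() -> dict:
    """Constructed scenarios; returns {name: (allowed, reason)}."""
    now = datetime(2025, 7, 1, 10, 0, tzinfo=timezone.utc)
    grants = [JitGrant("admin.z", "ehr_app", now + timedelta(minutes=30))]  # 30-minute admin window
    cases = {
        "nurse_own_unit": Request("nurse.a", "nurse", "ICU", True, False, "patient_record", "ICU", "read", now),
        "nurse_other_unit": Request("nurse.a", "nurse", "ICU", True, False, "patient_record", "ONC", "read", now),
        "clerk_clinical_record": Request("clerk.c", "billing_clerk", "BILL", True, False, "patient_record", "ICU", "read", now),
        "admin_in_window": Request("admin.z", "sysadmin", "IT", True, True, "ehr_app", "", "admin", now),
        "admin_after_expiry": Request("admin.z", "sysadmin", "IT", True, True, "ehr_app", "", "admin", now + timedelta(hours=1)),
    }
    return {name: decide(req, grants) for name, req in cases.items()}
```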

Assume Breach

Zero trust architectures are designed on the assumption that the network is already compromised. Controls should limit the damage that a compromised user or device can cause — through microsegmentation, logging of all access events, and continuous anomaly detection.

Identity and Access Management in Healthcare

IAM is the foundation of zero trust. In healthcare, IAM must handle a complex population of users: clinical staff whose access needs change with shift and location, temporary and agency staff, medical students and trainees, researchers, and third-party vendors. Integration with HR systems for role changes and offboarding is essential.

Single sign-on (SSO) simplifies the user experience for clinical staff who may access many systems during a shift, while centralising authentication and audit logging. Federated identity enables third-party access without creating internal accounts for vendor staff.

Privileged access management (PAM) controls, vaults, and monitors the use of administrative credentials — ensuring that high-privilege accounts are used only for authorised purposes, from authorised endpoints, with full session recording.

Microsegmentation

Microsegmentation divides the network into small, isolated zones with granular access controls between them. Unlike traditional VLAN-based segmentation, which operates at the network layer, microsegmentation can be applied at the workload level — individual applications, services, or even processes.

In healthcare, microsegmentation limits the blast radius of a compromise. A ransomware outbreak contained within a single segment cannot encrypt systems across the entire hospital network. Lateral movement from a compromised endpoint is blocked by micro-perimeter policies.
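To make the blast-radius point concrete, the following added example (not from the page or any real deployment) models a hospital network as segments with a default-deny allow-list of flows, and computes which segments a compromise could reach by hopping only along permitted flows, comparing that with a flat network. The segment names, ports and policy are assumptions for the illustration.

```python
from collections import deque

# Constructed hospital segments and an allow-list of (src, dst, tcp_port) flows; assumed, not
# from any real deployment. Anything not listed is denied: the default-deny micro-perimeter.
SEGMENTS = {"clinical_ws", "ehr_app", "ehr_db", "pacs", "iomt_devices", "device_gateway", "vendor_jump"}
SEGMENTED_POLICY = {
    ("clinical_ws", "ehr_app", 443),
    ("clinical_ws", "pacs", 443),
    ("ehr_app", "ehr_db", 5432),
    ("iomt_devices", "device_gateway", 8883),  # device telemetry to a gateway, never direct to the EHR
    ("device_gateway", "ehr_app", 443),
    ("vendor_jump", "iomt_devices", 22),       # vendor maintenance only through a monitored jump host
}
ANY = 0  # wildcard port used by the flat-network baseline

def flat_policy(segments):
    """Pre-segmentation baseline: one flat VLAN where every segment reaches every other."""
    return {(s, d, ANY) for s in segments for d in segments if s != d}

def flow_allowed(policy, src, dst, port):
    """Default deny: a flow passes only if an explicit (or wildcard-port) rule permits it."""
    return (src, dst, port) in policy or (src, dst, ANY) in policy

def blast_radius(policy, start):
    """Segments reachable from `start` by hopping only along allowed flows: the furthest a
    compromise at `start` can spread at the network layer under this policy."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, dst, _ in policy:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}
```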

Privileged Access Workstations

Privileged access workstations (PAWs) are dedicated, hardened endpoints used exclusively for administrative tasks. They run minimal software, are not used for email or internet browsing, and connect only to systems being administered. This dramatically reduces the attack surface for credential theft targeting administrative accounts.

In healthcare, PAWs are appropriate for system administrators, IT security staff, and others with access to production clinical systems. The additional operational overhead is justified by the risk profile of these accounts.

Implementation Roadmap

Zero trust implementation is a multi-year programme, not a single project. A pragmatic healthcare roadmap typically begins with identity — ensuring strong authentication and governance of all user accounts. This delivers measurable risk reduction quickly and provides the foundation for subsequent phases.

Subsequent phases address endpoint management (ensuring devices accessing clinical systems meet security baseline requirements), application access (moving from VPN-based broad network access to application-specific access controls), and data protection (classifying ePHI and applying controls based on sensitivity and access context).

Throughout, monitoring and analytics capabilities must mature to support the continuous verification model — detecting anomalous access patterns that signal compromise.

Challenges in Clinical Environments

Zero trust implementation in clinical environments faces real challenges. Authentication friction — additional login steps — is perceived as a patient safety risk when clinicians need rapid access to clinical systems during emergencies. Shared workstations in clinical areas complicate user-based access controls. Legacy clinical applications may not support modern authentication protocols.

These challenges are solvable through careful design: proximity card or badge-tap authentication for shared clinical workstations, break-glass emergency access procedures with post-hoc review, and integration of zero trust controls at the network layer for applications that cannot be updated. Clinical workflow consultation during design is not optional — security controls that create workflow friction will be circumvented.
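The "assume breach" logging and anomaly-detection control and the break-glass post-hoc review described here can be illustrated together. The Python below, an added example rather than code from the page or FZ Consulting, runs three rules over constructed EHR access events: a record opened outside the user's own unit without break-glass, any break-glass use (allowed, but queued for review), and one user opening an unusual number of distinct patient records inside a short window. The log format, field names and thresholds are assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample EHR access events as JSON lines; field names are assumed, not from any real product.
SAMPLE_LOG = """\
{"ts":"2025-07-01T09:02:11Z","user":"nurse.a","unit":"ICU","patient_unit":"ICU","patient":"P100","break_glass":false}
{"ts":"2025-07-01T09:05:40Z","user":"nurse.a","unit":"ICU","patient_unit":"ONC","patient":"P200","break_glass":false}
{"ts":"2025-07-01T09:06:02Z","user":"dr.b","unit":"ED","patient_unit":"ICU","patient":"P101","break_glass":true}
{"ts":"2025-07-01T09:10:00Z","user":"nurse.d","unit":"ICU","patient_unit":"ICU","patient":"P102","break_glass":false}
{"ts":"2025-07-01T09:11:00Z","user":"nurse.d","unit":"ICU","patient_unit":"ICU","patient":"P103","break_glass":false}
{"ts":"2025-07-01T09:12:00Z","user":"nurse.d","unit":"ICU","patient_unit":"ICU","patient":"P104","break_glass":false}
{"ts":"2025-07-01T09:13:00Z","user":"nurse.d","unit":"ICU","patient_unit":"ICU","patient":"P105","break_glass":false}
"""

BULK_WINDOW = timedelta(minutes=10)
BULK_THRESHOLD = 4  # distinct patients one user opens inside the window

def parse_events(text):
    """Parse JSON lines into dicts with a timezone-aware datetime in 'ts'."""
    events = []
    for line in text.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
            events.append(e)
    return events

def detect(events):
    """Return (rule, user, ts) findings. Break-glass use is never blocked, only queued for review."""
    findings, by_user = [], defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        if e["break_glass"]:
            findings.append(("break_glass_review", e["user"], e["ts"]))
        elif e["patient_unit"] != e["unit"]:
            findings.append(("cross_unit_access", e["user"], e["ts"]))
        by_user[e["user"]].append(e)
        # Sliding window over this user's recent events: how many distinct patients were opened?
        recent = {x["patient"] for x in by_user[e["user"]] if e["ts"] - x["ts"] <= BULK_WINDOW}
        if len(recent) == BULK_THRESHOLD:  # fire once, when the threshold is first crossed
            findings.append(("bulk_access", e["user"], e["ts"]))
    return findings
```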

FZ Consulting LLP helps healthcare organisations develop and implement zero trust security architectures that balance robust protection with clinical workflow requirements. Contact our team to discuss a zero trust assessment for your environment.