Technology

From risk scoring without network redesign to dynamic policy enforcement

14 Min Read
14 Min Read
Automating Zero Trust in Healthcare

The evolving healthcare cybersecurity landscape

Healthcare organizations face unprecedented cybersecurity challenges in 2025. Traditional security approaches have proven inadequate as operational technology (OT) environments become increasingly targeted, creating an expanded attack surface for IT convergence and healthcare systems. Recent statistics show that the healthcare sector experienced a record year of data breaches in 2024, revealing more than 133 million patient records. The average cost of healthcare data breaches now reaches $11 million, making it the most expensive industry for violations.

What changed dramatically was the focus of the attacker. As simply extracting patient records just isn’t satisfied, cybercriminals are now targeting real devices that provide patient care. Ransomware currently accounts for 71% of all attacks on healthcare organizations, causing average 11 days of downtime per incident, making the stakes higher than ever.

New regulatory frameworks require enhanced security controls

Healthcare organizations are currently facing stricter regulatory requirements that specifically mandate network segmentation. The updated HIPAA security rules, released in December 2024 and scheduled to be implemented soon, eliminated the distinction between “addressable” and “required” implementation specifications. All security measures, including network segmentation, become mandatory, not optional considerations.

Under Section 45 CFR 164.312(a)(2)(vi), healthcare organizations must implement technical management to segment electronic information systems in a “rational and appropriate manner.” This means creating clear boundaries between operations and IT networks to reduce risk from threats such as phishing attacks and prevent lateral movement within the network.

Similarly, the HHS 405(d) guidelines now provide voluntary cybersecurity practices that specifically recommend network segmentation and access control to limit exposure and protect critical systems and data. These regulations reflect a growing perception that in today’s interconnected healthcare environment, basic security measures are no longer an option and are essential to protecting electronically protected health information (EPHI).

Bridging the gap between IT security and medical device teams

One of the most important challenges in healthcare security is the traditional disparity between IT security teams and the clinical engineering/biomedical teams responsible for medical devices. Each group operates with a variety of priorities, expertise, and operational workflows.

IT security teams focus on vulnerability management, security policy enforcement and compliance reports, while clinical engineering teams prioritize device capabilities, patient safety, and medical device uptime.

See also  24-hour timeline for the Modern Stealer Campaign

This disparity creates a blind spot in the security attitudes of healthcare organizations. Clinical devices often run proprietary or legacy operating systems that cannot support traditional security agents. Meanwhile, biomedical teams maintain separate inventory systems that do not communicate with IT security platforms, creating visibility gaps for unmanaged devices.

Aaron Weismann, Chief Information Security Officer at Main Line Health, explains the challenge: “It is extremely difficult to handle non-traditional calculations because there are no tools specifically designed to deal with and manage these devices.

Integrated Elisity and Armis Solutions: A Comprehensive Approach

The integration of Armis Centrix™ and Elisity’s microsegmentation platform creates a powerful security framework that addresses these challenges head on. Combining comprehensive asset intelligence with Elisity’s dynamic microsegment capabilities, healthcare organizations can achieve true zero trust architectures while maintaining operational efficiency.

Comprehensive Asset Discovery and Information

The integrated solution provides unparalleled visibility across all connected devices, managed, unmanaged, medical and IoT, without the need for agents or destructive scans. Leveraging an asset intelligence engine that includes knowledge of over 5 billion devices, the solution automatically discovers and classifies all devices on your network, including those that traditional security tools have missed.

The platform detects and profiles devices from infusion pumps and MRI machines to building systems such as HVAC units connected to the network. For each device, the solution identifies important information such as MAKE, model, operating system, location, connections, FDA classification, and risk factors.

As Wiseman points out, “Armis and Eligiti have been able to promote a truly robust understanding of our security attitude and how we enforce our policy across the board.”

Identity-based microsegments

Elisity works with existing network infrastructure to provide identity-based microsegmentation through a cloud-delivered policy management platform, without the need for new hardware, agents, VLANs, or complex ACLS. Seamless integration enhances Elisity IdentityGraph™, a comprehensive device, user, workload identities, and attribute database.

Leveraging detailed asset information (including risk scores, boundaries, device types, make, model, OS, firmware versions, and network segments), Elisity enables accurate, contextual security policies across your network.

Weismann explains the real benefits. “We can now apply policies to all users, workloads and devices when they appear on the network. We can apply them with confidence that we do not disrupt systems or users.”

Dynamic policy automation and enforcement

Collaborative solutions allow security teams to quickly implement minimal privileged access through highly granular, dynamic microsegmentation policies that automatically adapt based on pre-built policy templates or devices’ risk levels.

According to Weismann, “It’s great to use existing blends of Cisco and Juniper switches as policy enforcement points. The network remains HA, high performance, and there is no need to disrupt existing network architectures or add chokepoints.”

See also  New critical SAP NetWeaver flaws have been exploited by the drop web shell, the Blue Tratel framework

With the Elisity Dynamic Policy Engine, your security team will:

  • Create, simulate and implement policies that prevent lateral movement
  • Dynamically update policies based on real-time intelligence
  • Apply minimal access to users, workloads, and devices without interruption
  • Automatically adapt to changes in risk levels

Mainline Health: A Success Story

The implementation of Main Line Health’s integrated solution demonstrates the potential for transformation of this integration. Healthcare System recently won both the 2025 CIO 100 Awards and the 2024 CSO50 Awards.

“The synergy between Armis and Elisity improved overall operational efficiency by strengthening defense against targeted cyber threats and adding layers of security and vision,” says Aaron Weismann. “Microsegmentation is a key strategy to accelerate zero trust programs.”

Mainline Health has deployed solutions across the enterprise, from outpatient facilities to acute care hospitals. What impressed them most was the speed of implementation. “Within a few hours, we were able to deploy Elisity on one of our sites. By the next day we had created and implemented blocking rules. We couldn’t believe the speed of our execution.”

The integration has created a powerful security framework that will make mainline health as follows:

  1. Discover and visualize all users, workloads, and devices across your network
  2. Comprehensive visualization of over 100,000 IoT, OT, and IOMT devices
  3. Enable dynamic security policies that adapt to vulnerability changes
  4. Provides frictionless implementations that accelerate your security roadmap
  5. Meet compliance requirements such as HIPAA and HitRust

One insight from implementation is that non-traditional computing environments (biomedical devices, IOMT, IoT, OT) are significantly outperforming traditional IT assets. This has strengthened the importance of a security approach that can address the unique challenges of these specialized devices.

Measurable results and benefits

Organizations implementing integrated solutions have experienced significant improvements in security attitudes and operational efficiency.

Attack coverage and visibility

This solution provides 99% discovery and visibility for all users, workloads, and devices, IoT, OT, and IOMT environments. This comprehensive visibility closes security gaps and eliminates blind spots, especially for unmanaged devices that traditional security tools have missed.

Reduced containment of risks and violations

Implementing identity-based least privileged access allows organizations to limit the explosion radius of attacks, more effectively including violations and prevent lateral movement. This is the technique used in over 70% of successful violations. This approach is particularly effective against ransomware, which is a dominant threat to healthcare providers.

Simplified compliance and reporting

The solution streamlines compliance with frameworks such as HIPAA, NIST 800-207, and IEC 62443 through comprehensive asset visibility and policy documentation. Automatic reporting features allow faster audits with push button reports per user, workload and device.

Operational efficiency

Perhaps most importantly, the collaborative solution allows healthcare providers to implement micro-categories in weeks rather than years, without disrupting clinical surgery. As Ciso Michael Elmore of GSK points out, “Elisity’s deployment at GSK is innovative and pale with all the other solutions.”

See also  Malicious peepy package stealing source code that stole Solana Tools with 761 download

We look to the future of healthcare security

As we move on from 2025 onwards, several trends will shape the evolution of healthcare cybersecurity.

AI-driven security and response

AI-driven security solutions are becoming increasingly sophisticated, allowing for more accurate threat detection and automated responses. The integrated solution offers early warning and predictive analytics that helps organizations stay ahead of new threats.

Seamless IT-OT integration

The convergence of IT and OT security continues to accelerate, with more comprehensive security coverage across all connected systems. Integration exemplifies this trend and provides a unified view of the entire ecosystem of healthcare devices.

Supply Chain Security

Securing a supply chain has emerged as a key concern in third-party attacks, which account for 62% of healthcare data breaches. Advanced microsegmentation features help you to more powerfully control third-party access to your network and reduce this growing risk vector.

Implementing Zero Trust

As Forrester Research recently stated, Forrester Wave™: Microsegmentation Solutions Report, “We live in the golden age of microsegmentation.” This approach is important to prevent lateral movement and to minimize the impact of east-west attacks in healthcare settings.

Healthcare security leaders advance

For healthcare organizations looking to strengthen their security posture in 2025, integrated solutions provide a strong foundation for comprehensive protection. The key actions that security leaders should consider are:

Evaluation stage

Evaluate current network architectures against new regulatory standards, focusing on areas where additional segmentation controls may be required. Think about your organization’s specific risk profile and how it matches your updated HIPAA security rule requirements.

Planning phase

Develop a step-by-step implementation plan that addresses immediate compliance needs while building towards a comprehensive segmentation strategy. Consider both technical requirements and operational impacts, and ensure that improved security does not disrupt critical health services.

Implementation Considerations

Understand the unique challenges of healthcare and work with solution providers that can help you successfully implement it in a similar environment. The right partners should provide both technical expertise and a clear understanding of healthcare regulatory requirements.

As Aaron Weismann appropriately sums up, “We certainly find ourselves sleeping easier, especially as we see larger ransomware attacks hit healthcare verticals. Therefore, we don’t want to be its victims, so we can’t do anything we can to mitigate the potential impact of cyberattacks that could lead to ransomware attacks.”

By implementing integrated solutions, healthcare organizations transform their approach to security. Protect patient data, ensure continuity of clinical operations, and meet regulatory requirements while adapting to the evolving threat landscape since 2025.

To guide your journey to effective microsegmentation, download Elisity’s comprehensive Microsegmentation Buyer’s Guide and Checklist 2025. This critical resource features key assessment criteria for security leaders, a detailed comparative framework, and real-world implementation strategies that provide proven ROIs for organizations across the healthcare and manufacturing sector. This guide explains the key differentiators between modern and legacy approaches, helps you build a compelling business case (worth $3.50 per investment), and provides a practical checklist of questions to ask potential vendors. Whether you’re just beginning your microsegmentation journey or are looking to bolster your existing implementation, this decisive guide will help you navigate the selection process with confidence and accelerate your path to zero trust maturity.

Share This Article
Leave a comment

Follow US

POPULAR