By Zac Amos, Features Editor, ReHack
LinkedIn:Â Zachary Amos
LinkedIn:Â ReHack Magazine
While zero trust can benefit health care information technology professionals, several things should be considered before implementation. Neglecting these common challenges could cause trouble later.
1. Managing Connected Medical Devices
The rise of Internet of Things (IoT) wearables and implantables complicates zero-trust architecture implementation. A typical 500-bed health care facility has up to 10,000 internet-connected devices that collect, store and relay sensitive information, including patient details.
Even smaller and rural hospitals should consider the implications since the IoT isn’t going anywhere. As of 2024, an estimated 18.8 billion connected devices are online, and this interconnected network will likely only get bigger.
IT professionals should manage these technologies by inventorying, profiling and segmenting them. If they are cataloged, monitored and isolated, they pose little threat in the event of a successful data breach. Instead of requiring ongoing verification, the team can apply the principle of least privilege based on predetermined classifications.
2. Preventing Shadow IT from Emerging
Employees forced to use multifactor authentication or remember ever-changing passcodes may seek cloud computing service models, unintentionally inviting cyberthreats. Training is vital to communicate the importance of security compliance and potential risks. If staff doesn’t follow through, the IT team should eliminate the possibility of workarounds as much as possible.
3. Preventing Interoperability Issues
Thanks to the rise of telehealth, remote work is becoming a larger part of health care. For hybrid facilities, implementing zero trust may pose an interoperability problem.
A combination of private cloud, legacy systems and public cloud technologies complicates unification because software, protocols, security mechanisms and hardware differ. Unless hospitals leverage hyper-converged infrastructure, careful planning is the best solution. The more work professionals do upfront to determine the specifics of data management, the less labor will be required after implementation.
4. Fixing Identity and Access Blindspots
A zero-trust framework can complicate identity and access management, especially in organizations with multiple departments or numerous internal roles. This is a problem because the health care industry is a common target for cybercriminals, and a breach is costly. According to 2023 data, just one costs around $4 million on average.
Comprehensive visibility is essential. The IT team can only secure what they can see. While the rise of software as a service (SaaS) and cloud use complicates matters, conventional asset inventorying and management should increase network visibility.
5. Ensuring Uptime for Critical Workflows
Since zero trust operates on the principle of “never trust, always verify,” it can inadvertently slow health care professionals down. Physicians already spend just 11.7% of their workday on evaluation and treatment. Patient outcomes may worsen if medical professionals must continuously verify their identity or request permissions.
As convenient as exceptions are, they defeat the purpose of a zero-trust framework. Biometric authentication and background device posture checks are more practical alternatives for streamlining workflows. This way, the IT department can passively verify identity, patch history, antivirus integrity and OS version without inconveniencing providers.
6. Mitigating Connectivity-Associated Risks
Many zero-trust solutions have SaaS functionality. This complicates identity and access management because many hospitals have limited connectivity by design to mitigate cyberthreats. Decision-makers can minimize this issue by using an on-premises tool. Alternatively, they can thoroughly vet their vendor to reduce risk.
7. Effectively Managing Resource Allocation
In larger facilities, zero trust can quickly become complex and expensive. In 2023, 64% of decision-makers stated their health care organization’s budget for these initiatives increased by up to 24 percent. Another 17% reported raising the budget by 25% or more. The sudden shift toward continuous monitoring and management also strains computing resources.
With incremental implementation, the C-suite doesn’t need to expand the IT team or invest more in security initiatives — although those alternatives would also work well. Instead, they can identify process improvements early, enabling them to save. Defining the protect surface is a simple way to manage resource allocation.
Seamlessly Implementing Zero Trust in Health Care
While zero-trust architecture can be a powerful tool against cybercriminals, IT leaders must carefully consider how they will proactively approach implementation challenges. This is one of the only ways to eliminate technical hiccups and unplanned downtime after integration.