The myriad of unmanaged connected medical and IoT devices, work from home, and 3rd-party vendor software accessing hospital networks mean the "castle and moat" approach to hospital cybersecurity is no longer effective.
The Zero Trust model assumes some devices or users allowed inside the network perimeter are already cybersecurity threats, and it aims to minimize their negative impact on the critical services and data hospitals rely on to provide quality healthcare.
The term Zero Trust refers to a concept that translates to “never trust and always verify”. This is a paradigm where no device or person is considered secure and every interaction must be verified.
To apply the Zero Trust model in healthcare delivery requires identifying each connected device, user, or resource. It also means that you must authenticate each of those to the corporate network and grant them the minimal access they require to function. This is based on a trust policy defined specifically for them.
You must also consider unmanaged devices. These include connected medical devices or Internet of Things (IoT) devices. Zero Trust typically refers to contextual micro-segmentation. It relies on a robust identification of devices and fine-tuned policies that allow access to/from their verified eco-system. Additionally, it will restrict all other interactions.
Total distinct types of device families found in a typical HDO.