"Health-ISAC Provides Zero Trust Security Guidance to Healthcare CISOs"

The Health Information Sharing and Analysis Center (Health-ISAC) published a guide to help healthcare CISOs better understand and implement zero trust security strategies. Identity and Access Management (IAM), cloud security gateways, data and network security considerations, and device and application security are all central to zero trust strategies. Organizations must integrate the core tenets of zero trust using various methods rather than settling on a single solution. Implementing zero trust is difficult for any organization, but healthcare organizations must take special consideration. For example, many Internet of Things (IoT) devices are on the network in hospitals and healthcare settings, reporting vital patient information. Defibrillators, nebulizers, oxygen pumps, and other monitoring devices are all set up to send data back to various workstations for analysis. Enabling these devices to communicate via encrypted channels, assigning them identities, and maintaining an up-to-date inventory will be difficult, but it will help secure healthcare networks. Aside from the challenges associated with IoT devices, Health-ISAC stated that the nature of healthcare calls on employees to move from room to room, often with different workstations or devices. As a result, establishing multi-factor authentication (MFA) and fine-grained authorization can be difficult. However, the advantages of zero trust outweigh the implementation difficulties. Health-ISAC recommended that healthcare CISOs begin by assessing their organizations' current security state and comparing it to the core tenets of zero trust. Healthcare organizations should consider what authentication standards are currently implemented and how they could be modified to adhere to zero trust principles. Organizations should also assess what devices are on their networks, as well as what roles and responsibilities are in place to support the large-scale implementation of a least-privileged access model. This article continues to discuss Health-ISAC's guide for healthcare CISOs on zero trust security.

HealthITSecurity reports "Health-ISAC Provides Zero Trust Security Guidance to Healthcare CISOs"