Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign

The Evolving Healthcare Cybersecurity Landscape

Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector experienced a record-breaking year for data breaches in 2024, with over 133 million patient records exposed. The average cost of a healthcare data breach has now reached $11 million, making it the most expensive industry for breaches.

What’s changed dramatically is the focus of attackers. No longer content with merely extracting patient records, cybercriminals are now targeting the actual devices that deliver patient care. The stakes have never been higher, with ransomware now representing 71% of all attacks against healthcare organizations and causing an average downtime of 11 days per incident.

New Regulatory Frameworks Demand Enhanced Security Controls

Healthcare organizations now face stricter regulatory requirements that specifically mandate network segmentation. The updated HIPAA Security Rule, published in December 2024 and expected to be implemented shortly, has eliminated the distinction between “addressable” and “required” implementation specifications. All security measures, including network segmentation, will become mandatory requirements rather than optional considerations.

Under section 45 CFR 164.312(a)(2)(vi), healthcare organizations must now implement technical controls to segment their electronic information systems in a “reasonable and appropriate manner.” This means creating clear boundaries between operational and IT networks to reduce risks from threats like phishing attacks and prevent lateral movement within networks.

Similarly, HHS 405(d) guidelines now provide voluntary cybersecurity practices that specifically recommend network segmentation and access controls to limit exposure and protect critical systems and data. These regulations reflect the growing recognition that in today’s interconnected healthcare environment, basic security measures are no longer optional but essential for protecting electronic Protected Health Information (ePHI).

Bridging the Gap Between IT Security and Medical Device Teams

One of the most significant challenges in healthcare security is the traditional divide between IT security teams and clinical engineering/biomedical teams responsible for medical devices. Each group operates with different priorities, expertise, and operational workflows:

IT security teams focus on vulnerability management, security policy enforcement, and compliance reporting, while clinical engineering teams prioritize device functionality, patient safety, and medical equipment uptime.

This divide creates blind spots in the security posture of healthcare organizations. Clinical devices often run proprietary or legacy operating systems that cannot support traditional security agents. Meanwhile, biomedical teams maintain separate inventory systems that don’t communicate with IT security platforms, creating visibility gaps for unmanaged devices.

Aaron Weismann, Chief Information Security Officer at Main Line Health, describes this challenge: “We have a very difficult time handling non-traditional compute because of not having tooling specifically designed to address and manage those devices. So Elisity really provides a layer of defense and threat mitigation that we wouldn’t otherwise have in our environment.”

The Integrated Elisity and Armis Solution: A Comprehensive Approach

The integration between Armis Centrix™ and Elisity’s microsegmentation platform creates a powerful security framework that addresses these challenges head-on. By combining comprehensive asset intelligence with Elisity’s dynamic microsegmentation capabilities, healthcare organizations can achieve true zero-trust architecture while maintaining operational efficiency.

Comprehensive Asset Discovery and Intelligence

The integrated solution provides unmatched visibility across all connected devices—managed, unmanaged, medical, and IoT—without requiring agents or disruptive scanning. Leveraging an Asset Intelligence Engine containing knowledge of over 5 billion devices, the solution automatically discovers and classifies every device on the network, including those that traditional security tools miss.

The platform detects and profiles devices ranging from infusion pumps and MRI machines to building systems like HVAC units—anything connected to the network. For each device, the solution identifies critical information such as make, model, operating system, location, connections, FDA classification, and risk factors.

As Weismann notes, “Armis and Elisity have really been able to drive more robust understanding of our security posture and how we’re implementing policies across the board.”

Identity-Based Microsegmentation

Elisity delivers identity-based microsegmentation through its cloud-delivered policy management platform, working with existing network infrastructure without requiring new hardware, agents, VLANs, or complex ACLs. The seamless integration enhances the Elisity IdentityGraph™, a comprehensive device, user, workload identity, and attribute database.

Leveraging detailed asset information (including risk score, boundaries, device type, manufacturer, model, OS, firmware version, and network segment), Elisity enables precise, context-aware security policies across the network.

Weismann explains the practical benefits: “We now have the ability to apply policies to all users, workloads and devices when they appear on networks, and we can apply all policies with confidence that we will not disrupt systems or users.”

Dynamic Policy Automation and Enforcement

The joint solution allows security teams to rapidly implement least privilege access through pre-built policy templates or highly granular, dynamic microsegmentation policies that automatically adapt based on device risk levels.

According to Weismann, “Using our existing blend of Cisco and Juniper switches as policy enforcement points is brilliant—we know our network will remain HA, high performance and we don’t have to disrupt our existing network architecture or add choke points.”

The Elisity Dynamic Policy Engine enables security teams to:

• Create, simulate, and enforce policies that prevent lateral movement
• Dynamically update policies based on real-time intelligence
• Apply least-privilege access across users, workloads, and devices without operational disruption
• Automatically adapt to changing risk levels

Main Line Health: A Success Story

Main Line Health’s implementation of the integrated solution demonstrates the transformative potential of this integration. The healthcare system recently earned both the CIO 100 Award for 2025 and the CSO 50 Award in 2024 for their innovative cybersecurity implementation.

“The synergy between Armis and Elisity has fortified defenses against targeted cyber threats, improving overall operational efficiency with added layers of security and visibility,” says Aaron Weismann. “Microsegmentation is a key strategy for accelerating our Zero Trust program.”

Main Line Health deployed the solution across their entire enterprise—from outpatient facilities to acute care hospitals. What impressed them most was the speed of implementation: “We were able to deploy Elisity at one of our sites within hours, and by the next day, we were creating and implementing blocking rules. The speed to execution was unbelievable.”

The integration created a powerful security framework that enabled Main Line Health to:

1. Discover and visualize every user, workload, and device across their networks
2. Gain comprehensive visibility into over 100,000 IoT, OT, and IoMT devices
3. Enable dynamic security policies that adapt to changing vulnerabilities
4. Deliver frictionless implementation that accelerated their security roadmap
5. Meet compliance requirements including HIPAA and HiTrust

One revealing insight from their implementation was that their non-traditional computing environment (biomedical devices, IoMT, IoT, OT) vastly outnumbered their traditional IT assets. This reinforced the importance of a security approach that could handle the unique challenges of these specialized devices.

Measurable Results and Benefits

Organizations implementing the integrated solution have experienced significant improvements in their security posture and operational efficiency:

Attack Surface Coverage and Visibility

The solution provides 99% discovery and visibility of all users, workloads, and devices across IT, IoT, OT, and IoMT environments. This comprehensive visibility closes security gaps and eliminates blind spots, especially for unmanaged devices that traditional security tools miss.

Reduced Risk and Breach Containment

By implementing identity-based least privilege access, organizations can limit the blast radius of attacks, contain breaches more effectively, and prevent lateral movement—the technique used in over 70% of successful breaches. This approach is particularly effective against ransomware, which has become the dominant threat to healthcare organizations.

Simplified Compliance and Reporting

The solution streamlines compliance with frameworks like HIPAA, NIST 800-207, and IEC 62443 through comprehensive asset visibility and policy documentation. Automated reporting capabilities enable faster audits with push-button reports per user, workload, and device.

Operational Efficiency

Perhaps most importantly, the joint solution enables healthcare organizations to implement microsegmentation in weeks instead of years, without disrupting clinical operations. As GSK’s CISO Michael Elmore notes, “Elisity’s deployment at GSK is nothing short of revolutionary, making every other solution pale in comparison.”

Looking to the Future of Healthcare Security

As we move forward in 2025 and beyond, several trends will shape the evolution of healthcare cybersecurity:

AI-Driven Security and Response

AI-driven security solutions are becoming increasingly sophisticated, enabling more accurate threat detection and automated response. The integrated solution provides early warning capabilities and predictive analytics that help organizations stay ahead of emerging threats.

Seamless IT-OT Integration

The convergence of IT and OT security will continue to accelerate, with more comprehensive security coverage across all connected systems. The integration exemplifies this trend, providing a unified view of the entire healthcare device ecosystem.

Supply Chain Security

With third-party attacks accounting for 62% of data breaches in healthcare, securing the supply chain has emerged as a critical concern. Advanced microsegmentation capabilities provide stronger controls over third-party access to networks, helping to mitigate this growing risk vector.

Zero Trust Implementation

As Forrester Research recently stated in their Forrester Wave™: Microsegmentation Solutions report, “We’re Living In The Golden Age Of Microsegmentation.” This approach is crucial for preventing lateral movement and minimizing the impact of east-west attacks in healthcare environments.

The Path Forward for Healthcare Security Leaders

For healthcare organizations looking to enhance their security posture in 2025, the integrated solution offers a powerful foundation for comprehensive protection. Here are key actions security leaders should consider:

Assessment Phase

Evaluate your current network architecture against the new regulatory standards, focusing on areas where additional segmentation controls may be needed. Consider your organization’s specific risk profile and how it aligns with the updated HIPAA security rule requirements.

Planning Phase

Develop a phased implementation plan that addresses immediate compliance needs while building toward a comprehensive segmentation strategy. Consider both technical requirements and operational impacts, ensuring that security improvements don’t disrupt critical healthcare services.

Implementation Considerations

Work with solution providers who understand healthcare’s unique challenges and can demonstrate successful implementations in similar environments. The right partner should offer both technical expertise and a clear understanding of healthcare’s regulatory requirements.

As Aaron Weismann aptly summarizes: “We’re certainly able to sleep easier at night, especially as we see larger and larger ransomware attacks hit the healthcare vertical. We definitely don’t want to be a victim of that, and therefore, anything we could do to mitigate the potential impacts of a cyber attack that could lead to a ransomware attack absolutely give us peace of mind.”

By implementing the integrated solution, healthcare organizations can transform their approach to security—protecting patient data, ensuring clinical operations continuity, and meeting regulatory requirements while adapting to the evolving threat landscape of 2025 and beyond.

To guide your journey toward effective microsegmentation, download Elisity’s comprehensive Microsegmentation Buyer’s Guide and Checklist 2025. This essential resource equips security leaders with critical evaluation criteria, detailed comparison frameworks, and real-world implementation strategies that have delivered proven ROI for organizations across healthcare and manufacturing sectors. The guide walks you through key differentiators between modern and legacy approaches, helps you build a compelling business case ($3.50 in value for every dollar invested), and provides a practical checklist of questions to ask potential vendors. Whether you’re just beginning your microsegmentation journey or looking to enhance your existing implementation, this definitive guide will help you navigate the selection process with confidence and accelerate your path to Zero Trust maturity.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.