Identity and Zero Trust: A Health-ISAC Guide for CISOs

Educates health care CISOs on the basic tenets of zero trust, the challenges that may be unique to that market, and how to begin implementing the architecture.

Health-ISAC Unveils “All about Zero Trust: A Health-ISAC Guide for CISOs”

ORMOND BEACH, FL, August 26, 2022 – Health Information Sharing and Analysis Center (Health-ISAC) today released a new white paper intended to help CISOs understand and implement a zero trust security architecture, with a focus on how an identity-centric approach to cybersecurity can provide a foundation for zero trust.

The purpose of this paper is to educate healthcare CISOs on zero trust, detail its basic tenets, the unique challenges to a zero trust migration, and how to begin implementing the architecture.

The paper lays out healthcare specific challenges organizations will have to address. Two key points the paper highlights: the preponderance of Internet of Things devices and the roaming nature of some healthcare workers that may make authentication and fine-grained authorization complex.

Identity is at the core of zero trust: multi-factor authentication (MFA), well-governed authorization, and the proper provisioning of roles and attributes for access is critical. Access rules need to be as granular as possible to enable least privilege and all subjects, assets, and workflows need to be explicitly authenticated and authorized. The paper also adds zero trust components to the Health-ISAC Framework for Managing identity.

This paper is the fifth in a Health-ISAC series focused on helping organizations of all sizes and maturity levels understand the importance of an identity-centric approach to cybersecurity and the ways it can better address the current threat landscape.

This paper is the 5th in Health-ISAC’s Identity Series to guide healthcare CISOs

1. Identity for the CISO Not Yet Paying Attention to Identity
2. Health-ISAC Framework for CISOs to Manage Identity
3. Authentication
4. Identity, Operability, Patient Access and the 21st Century Cures Act
5. Identity and Zero Trust
   H ISAC White Paper ZeroTrust
   Size : 2.3 MB Format : PDF

• Related Resources & News
• Cyber Threats Know No Borders
• Health-ISAC Hacking Healthcare 1-10-2025
• Google’s rural healthcare cybersecurity initiative
• Gen Z is stealing your health data—and the consequences may be worse than you think
• Left to Our Own Devices Podcast #71: Errol Weiss
• 2025 Newsletter – January
• The Year Ahead: What Can We Expect Within the Cybersecurity Landscape?
• HHS Urges Health Sector to Beef Up OT, IoMT Security
• Defending Healthcare Facilities Against Ransomware Attacks
• Health-ISAC Hacking Healthcare 12-16-2024