Identity and Zero Trust: A Health-ISAC Guide for CISOs

Educates health care CISOs on the basic tenets of zero trust, the challenges that may be unique to that market, and how to begin implementing the architecture.
Health-ISAC Unveils “All about Zero Trust: A Health-ISAC Guide for CISOs”
ORMOND BEACH, FL, August 26, 2022 – Health Information Sharing and Analysis Center (Health-ISAC) today released a new white paper intended to help CISOs understand and implement a zero trust security architecture, with a focus on how an identity-centric approach to cybersecurity can provide a foundation for zero trust.
The purpose of this paper is to educate healthcare CISOs on zero trust, detail its basic tenets, the unique challenges to a zero trust migration, and how to begin implementing the architecture.
The paper lays out healthcare specific challenges organizations will have to address. Two key points the paper highlights: the preponderance of Internet of Things devices and the roaming nature of some healthcare workers that may make authentication and fine-grained authorization complex.
Identity is at the core of zero trust: multi-factor authentication (MFA), well-governed authorization, and the proper provisioning of roles and attributes for access is critical. Access rules need to be as granular as possible to enable least privilege and all subjects, assets, and workflows need to be explicitly authenticated and authorized. The paper also adds zero trust components to the Health-ISAC Framework for Managing identity.
This paper is the fifth in a Health-ISAC series focused on helping organizations of all sizes and maturity levels understand the importance of an identity-centric approach to cybersecurity and the ways it can better address the current threat landscape.
This paper is the 5th in Health-ISAC’s Identity Series to guide healthcare CISOs
- Related Resources & News
- Health-ISAC whitepaper highlights cybersecurity responsibilities in medical device lifecycle, focuses on resilience
- Health-ISAC Hacking Healthcare 2-3-2025
- Exploring the Cybersecurity Roles of Manufacturers and Healthcare Organizations During the Medical Device Lifecycle
- Impacts of Proposed US Import Tariffs on the Global Health Sector
- NY Blood Center Attack Disrupts Suppliers in Several States
- 2025 Newsletter – February
- DeepSeek’s Security Risk Is A Critical Reminder For CIOs
- $6.4m to combat health sector cyber threat
- Threat Bulletin: SimpleHelp RMM Software Leveraged in Exploitation Attempt to Breach Networks
- EU Commission Calls for Health Sector ‘Cyber Action Plan’