Overcoming Zero Trust Obstacles in Healthcare
Zachary Martin of Venable LLP Discusses Health-ISAC Zero Trust Guide
Marianne Kolbasuk McGee (HealthInfoSec) • September 2, 2022 14 Minutes
Link to podcast:
The sheer number of connected devices in healthcare environments is one of the top challenges healthcare entities face in adopting a zero trust approach to cybersecurity, says Zachary Martin.
“Making sure those devices are authenticated and authorized to be on the network is a huge task,” Martin says in an interview with Information Security Media Group. The senior adviser at law firm Venable LLP is lead author of a new report from the Health Information Sharing and Analysis Center.
The Health-ISAC white paper, published Monday, aims to help healthcare entities implement a zero trust architecture while dealing with the particular difficulties many of these organizations face.
Besides the plethora of internet of things gear used in medical settings, the adoption of multifactor authentication is also spotty in healthcare for various reasons. It matters, because multifactor authentication is a key component for zero trust.
“Digital identity is a challenge in healthcare,” Martin says. Clinicians are constantly moving from room to room and using mobile devices or different workstations, requiring them to continually be reauthenticated and reauthorized creates obstacles, he says.
“As caregivers are treating patients and going about their day, having to constantly re-authenticate is not a great user experience.”
In the interview (see audio link above photo), Martin also discusses:
- Addressing other zero trust challenges in healthcare settings;
- Considerations involving patients accessing their health information;
- The effect of the COVID-19 pandemic on zero trust.
Prior to joining law firm Venable LLP as a senior adviser, Martin advised clients of a global consulting firm on cybersecurity, digital identity, and policy. As an identity and access management and cybersecurity policy adviser, he has assisted clients in the public and private sectors in navigating security procedures and digital identity challenges.
NOTE: Health-ISAC’s Zero Trust paper is the fifth in a Health-ISAC series focused on helping organizations of all sizes and maturity levels understand the importance of an identity-centric approach to cybersecurity and the ways it can better address the current threat landscape.
1. Identity for the CISO Not Yet Paying Attention to Identity
https://h-isac.org/h-isac-white-paper-identity-for-the-ciso-not-yet-paying-attention-to-identity/
2. Health-ISAC Framework for CISOs to Manage Identity
https://h-isac.org/an-h-isac-framework-for-cisos-to-manage-identity-2/
3. Authentication
https://h-isac.org/authentication-a-health-isac-guide-for-cisos/
4. Identity, Operability, Patient Access and the 21st Century Cures Act
https://h-isac.org/interoperability-for-healthcare-cisos/
5. Identity and Zero Trust
https://h-isac.org/wp-content/uploads/H-ISAC_White-Paper-ZeroTrust_FINAL_82522.pdf
- Related Resources & News
- Potential Terror Threat Targeted at Health Sector – AHA & Health-ISAC Joint Threat Bulletin
- New Cybersecurity Policies Could Protect Patient Health Data
- CyberWire Podcast: PHP flaw sparks global attack wave
- Health-ISAC Hacking Healthcare 3-14-2025
- HSCC Aiming to Identify Healthcare Workflow Chokepoints
- New Healthcare Security Benchmark Highlights Key Investment Priorities and Risks
- Are Efforts to Help Secure Rural Hospitals Doing Any Good?
- CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts
- 2024 Health-ISAC Discussion Based Exercise Series After-Action Report
- Cobalt Strike takedown effort cuts cracked versions by 80%