A recent report issued by Okta has found that there has been an increase in the number of healthcare organizations that have implemented zero trust initiatives. The 2022 State of Zero Trust Security report revealed that approximately 58 percent of organizations who were surveyed have confirmed that they have or are beginning to implement zero trust initiatives. In addition, approximately 96 percent of healthcare organizations stated they had implemented a zero trust initiative or intend to do so over the next year to year and a half.
Traditionally, healthcare organizations secure devices and networks through a trusted network perimeter. However, this model does not operate effectively in the cloud since there is no perimeter to secure. Today, healthcare organizations are advised to implement a zero trust policy, often categorized as parameterless security. The primary concept of the zero trust security model is “never trust, always verify”. Under this model, devices are never trusted by default, regardless of whether they are linked to a permissioned network and have been previously verified. The zero trust model also encourages mutual authentication, which includes evaluating the identity and authenticity of devices regardless of their location and granting access to programs and services depending on the certainty of device identification and device health combined with user authentication. Under zero trust, extensive security monitoring is ensured on all devices, accounts, applications, and networks.
As the use of IoT devices, accounts, and applications in the healthcare sector continue to rise, so too do the threats to cybersecurity. Vulnerabilities in IoT devices can be used by hackers to access the data they transmit. Denial of Service (DDoS) attacks are one type of cyberattack in which an attacker floods a device’s network with internet traffic to prevent users from accessing connected online services and websites. Man-in-the-middle attacks can also exploit vulnerabilities in IoT devices. Hackers can eavesdrop on communications between two parties to alter or steal the sensitive information. Several health organizations have identified and implemented zero trust as the solution to strengthening IoT cybersecurity.
The report revealed that the most important variables for limiting and enhancing access to internal resources were device confidence, location, and a trusted IP address. These were followed by access according to the time of day or working hours and if the resource being accessed was particularly sensitive. Additionally, the report found that the healthcare sector is transitioning from password-based authentication to push authentication. Between the period of 2021 to 2022, 24 percent more healthcare organizations adopted push authentication.
Okta states, “Adoption of a Zero Trust framework provides a methodology that makes it easier for organizations to continually assess their security posture and the relative maturity of their model, and pinpoint the right security solutions to accelerate their progress at every phase of their journeys”