Healthcare Security: Fighting the Threat at Zero Trust

Healthcare systems are under attack by cyber threat actors and do not appear to have any immediate relief. Nearly 400 healthcare cyberattacks were reported by the first three quarters of 2024, with over 1.2 million patients affected by data breaches this year alone.

Against the background to this threat, healthcare institutions such as Main Line Health rely on technology partners within the cybersecurity community, such as Elisity Inc., to mitigate the impact of violations and protect critical systems.

“There's a lot of pressure. Threat actors, especially like other critical infrastructure, are targeting health systems. “They do so because regulatory violations and impact on patient dignity are revenue drivers for them. Fortunately, our tools are more refined. We partner with more vendors that can provide some of the infrastructure that helps reduce the explosion radius of attacks.”

Weismann spoke with John Furrier of TheCube at the ThaC 2025 conference. It is currently airing exclusively on TheCube, Siliconangle Media's LiveStreaming Studio. He was joined by Erigiti's CEO James Weinbrenner (right), who discussed the challenges and solutions to protect the healthcare industry. (*Disclosure below.)

Minimum privileged access to healthcare

For technology companies such as Elisity, part of the challenges of working with healthcare organizations to protect their systems is that the patient's care environment can be extremely complicated. In addition to managed desktops, laptops and wireless devices, there is a significant amount of IoT connectivity.

Main Line Health CISO Aaron Weismann and Elisity CEO James Winembrenner talk about healthcare with TheCube during RSAC.

“We can identify these different classes of systems and segment them for segmentation, as well as allow us to actually migrate to a minimal privileged access model,” Winembrenner said. “Does an MRI machine need to talk to an IP video camera on the fifth floor? The answer is no. You can talk to a patient surveillance system.”

To address this level of complexity in a healthcare environment, Elisity focuses on providing visibility into the tangled web of connected devices and creating policies for minimal privileged access and zero trust. This allows organizations such as Mainline Health to make informed decisions about device segmentation while maintaining appropriate context for effective patient care.

“We build a software-defined control plane that can be extended to existing infrastructure, gather communication metadata, and marry other sources of identity and context in our customer's environment,” says Winembrenner. “We provide our customers with a holistic view of all these assets, allowing them to build policies based on their identity and context, rather than the underlying network configuration.”

Both Weismann and Winembrenner have come to understand the importance of delivering technology solutions in today's patient healthcare. Clinical business staff want to be involved as they understand the important role cybersecurity can play in the ongoing delivery of patient care.

“One of the biggest points is that clinical surgeries actually love helping to design technology,” Weissman said. “They are very interested in technology support for patient care. When they start communicating in a clinically relevant way with the introduction of these concepts, they can get really solid buy-in from the clinical operator.

This is a full video interview that is part of Siliconangle and part of TheCube's coverage of the RSAC 2025 conference event.

(*Disclosure: Elisity Inc. sponsored this segment of TheCube. Neither Elisity nor any other sponsors edit content from TheCube or Siliconangle.)

Photo: Silicon Angle