To the Editor,
In a recently published paper in this journal, Vukotich 1 explored the critical issue of cybersecurity in the healthcare sector, which is becoming increasingly pertinent in our technologically advancing world. The author argued that the healthcare industry has been grappling with a surge in cybersecurity threats, particularly ransomware attacks, which pose a severe risk to both patient data and the smooth functioning of healthcare organizations. 1 The article’s in-depth examination of recent breaches and their underlying causes has undoubtedly raised important questions about the efficacy of our current cybersecurity measures. In this paper, I would like to highlight the author’s emphasis on the importance of adopting a Zero Trust approach in healthcare.
The Zero Trust model, which prioritizes a stringent, continuous verification of network traffic and access controls, is a promising paradigm shift in cybersecurity. Its relevance in the healthcare industry is undeniable, given the sensitive and confidential nature of patient data and the dire consequences of breaches. Zero Trust offers a comprehensive strategy to safeguard both individuals and organizations in the healthcare sector. 2 In an era characterized by technological advancements, it comes as no surprise that the healthcare industry, like many others, is grappling with the mounting challenges of cybersecurity. Alam et al, 3 calls for a need to redesign the health system for global health security.
Cyber threats, particularly ransomware attacks, have become increasingly common, exposing the vulnerabilities in our healthcare systems. It is paramount that we reevaluate and reinforce our cybersecurity measures to protect the most sensitive of data—patient records—and ensure the smooth operation of healthcare organizations. 4 Vukotich’s 1 article effectively conveys the significance of implementing Zero Trust as a proactive measure to prevent security breaches, rather than reacting to them after they have occurred. This approach is particularly crucial in the healthcare sector, where even a single breach can lead to consequences for patients, financial, and healthcare institutions. 4
Recent headlines have been replete with stories of healthcare data breaches. These breaches have not only raised serious questions about the safeguarding of patient data but have also laid bare the urgency for robust cybersecurity solutions. 5 The consequences of these breaches are profound, ranging from the loss of patient trust to severe financial repercussions for healthcare institutions. The critical question that arises is: How can we proactively safeguard the integrity of healthcare data and protect the organizations responsible for its storage and management? The answer may lie in a paradigm shift, one that challenges traditional cybersecurity approaches.
Born out of a need for more comprehensive cybersecurity, Zero Trust calls for a stringent, continuous verification of network traffic and access controls. 1 It discards the notion that those inside the perimeter of an organization’s network are inherently trustworthy and treats every request for access as if it originates from an untrusted source. 2 Table 1 presents the 7 pillars of Zero Trust approach to cybersecurity. 1
Table 1.
7 pillars of Zero Trust approach to cybersecurity.
| Security category | Focus and components |
|---|---|
| User | Continuous authentication—Access regulation—Monitoring of user activity patterns—Password and multi-factor authentication |
| Devices | Physical devices used for system access—Built-in memory—GPS for location tracking—Real-time monitoring—Software patching |
| Applications & Workloads | Control of login access—Varied access levels for different users—Use of individual user IDs—Monitoring and protection of containers and virtual machines |
| Data | Data at rest (storage) protection—Data in transit (encryption)—Data in use (integrity) |
| Network & Environment | Protection of data in transit—Utilization of encryption |
| Automation & Orchestration | Automated security responses—AI-driven decision-making |
| Visibility & Analytics | Continuous monitoring and analysis—Contextual application of AI and machine learning |
The applicability of Zero Trust to the healthcare industry is self-evident. Patient data is perhaps the most sensitive information stored in any sector, and breaches in healthcare can have life-threatening consequences. 1 The Zero Trust model, by design, ensures the highest level of security by treating every access request with skepticism. The traditional approach to cybersecurity—securing the perimeter and hoping that threats do not originate from within—is no longer sufficient. 2 Zero Trust forces healthcare organizations to adopt a proactive stance in preventing breaches rather than reacting after the fact. As cybersecurity threats continue to evolve and increase in complexity, taking a proactive stance on healthcare security is not merely an option but an ethical imperative. 4 This paradigm shift necessitates a collective commitment from healthcare organizations, regulatory bodies, and policymakers to ensure that patient data is safeguarded to the highest standard. 5
In conclusion, as healthcare embraces a Zero Trust approach to cybersecurity, it opens the door to a new era of protection. By doing so, the industry takes a proactive step toward safeguarding patient data, preserving patient trust, and securing the future of healthcare.
Footnotes
Funding: The author received no financial support for the research, authorship, and/or publication of this article.
The author declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Author Contribution: JC contributed to the conceptualization, formal analysis, writing – original draft, and writing – review and editing.
ORCID iD: Jeff Clyde Corpuz 
https://orcid.org/0000-0003-1517-4866
References
- 1. Vukotich G. Healthcare and cybersecurity: taking a Zero Trust approach. Health Serv Insights. 2023;16:11786329231187826. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 2. Wang Z, Yu X, Xue P, Qu Y, Ju L. Research on medical security system based on Zero Trust. Sensors (Basel). 2023;23:3774. [DOI] [PMC free article] [PubMed] [Google Scholar]
- 3. Alam U, Nabyonga-Orem J, Mohammed A, Malac DR, Nkengasong JN, Moeti MR. Redesigning health systems for global heath security. Lancet Glob Health. 2021;9:e393-e394. [DOI] [PubMed] [Google Scholar]
- 4. Corpuz JCG. Artificial intelligence (AI) and public health. J Public Health (Oxf). Published online June 12, 2023. doi: 10.1093/pubmed/fdad074 [DOI] [PubMed] [Google Scholar]
- 5. Corpuz JCG. Ethical principles of artificial intelligence in public health. J Public Health (Oxf). Published online August 25, 2023. doi: 10.1093/pubmed/fdad165 [DOI] [PubMed] [Google Scholar]