TL;DR: Southern Illinois Healthcare moved from zero to full wired-network microsegmentation across four hospitals and roughly 400 beds using three resources, after building device visibility, simulation-based enforcement, and staged rollout patterns, according to Elisity. The lesson is that healthcare segmentation succeeds when network identity, not agent coverage, becomes the control point.
NHIMG editorial — based on content published by Elisity: Healthcare Microsegmentation: How SIH Secured 400+ Beds
By the numbers:
- SIH operates four hospitals, roughly 400 beds, and a Level II trauma center serving 17 to 19 counties across southern Illinois.
Questions worth separating out
Q: What breaks when healthcare segmentation depends on endpoint agents?
A: Endpoint-dependent segmentation fails when critical devices cannot run agents, cannot be modified safely, or are too legacy to support modern security tooling.
Q: Why do IoMT devices complicate microsegmentation planning?
A: IoMT devices complicate segmentation because they combine legacy operating systems, long lifecycles, and strict uptime requirements.
Q: How do security teams know if segmentation is actually working?
A: Teams should look for three signals: communication paths match approved policy, blocked traffic is observed in simulation before enforcement, and exceptions remain narrow and auditable.
Practitioner guidance
- Map device communication paths before enforcing policy Build a combined inventory from IoMT discovery, EDR, IPAM, and switch telemetry so segmentation rules reflect observed traffic rather than spreadsheet records.
- Use simulation mode as a change-control gate Run policies in simulation long enough to validate patient monitoring, imaging, and device-to-server workflows before blocking any traffic.
- Sequence rollout by operational complexity Start in a lower-risk area with predictable maintenance windows, then expand to larger sites and higher-acuity wards only after policy behaviour is proven.
What's in the full article
Elisity's full post covers the operational detail this post intentionally leaves for the source:
- Step-by-step rollout sequencing across the Cancer Institute, main hospital, and remote clinics.
- The specific switch-layer and telemetry integration pattern used to build the source of truth.
- How simulation mode was tuned to reduce risk before enforcement on clinical devices.
- The practical changes that turned security from a blocker into a controlled enabler for vendors and clinicians.
👉 Read Elisity's case study on healthcare microsegmentation at Southern Illinois Healthcare →
Healthcare microsegmentation and device identity: what teams are missing?
Explore further
Identity-based segmentation is becoming a control for device trust, not just network hygiene. Healthcare microsegmentation works when the policy boundary tracks what a device is allowed to talk to, not whether the device itself is trustworthy. That is a direct governance issue for identity programmes because devices, workloads, and service accounts all behave like identities once access is enforced through policy. Practitioners should treat segmentation as part of access governance, not a separate infrastructure project.
A question worth separating out:
Q: How should hospitals handle temporary access for vendors and support teams?
A: Hospitals should grant the smallest possible access for the shortest workable duration, tied to a specific device or system and reviewed after use. The goal is to enable support without reopening broad network paths. That keeps clinical operations moving while preserving containment and auditability.
👉 Read our full editorial: Healthcare microsegmentation shows why network identity matters at scale