TL;DR: Healthcare access in distributed care settings now depends on identity, context, and least-privilege controls because VPN-centric models still grant broad trust after login, according to Appgate's analysis. That model increases lateral movement risk, weakens auditability, and complicates secure third-party access.
NHIMG editorial — based on content published by Appgate: healthcare access security and the shift from perimeter trust to identity-driven control
Questions worth separating out
Q: How should healthcare organisations reduce risk from vendor remote access?
A: Start by treating vendor access as a governed non-human identity lifecycle, not a one-time network exception.
Q: Why do VPN-centric access models create audit problems in healthcare?
A: Because they usually prove only that someone connected to the network, not what they were allowed to reach inside it.
Q: What breaks when broad network access is used for clinical and vendor users?
A: Least privilege breaks first, because users receive far more reach than their role requires.
Practitioner guidance
- Inventory every external access path Map vendors, contractors, biomedical providers, and managed service accounts to the exact systems they can reach, then remove any broad network access that is not tied to a named business function.
- Scope access to the application, not the network Replace generic VPN reach with policies that permit only the specific EHR, imaging, telehealth, or device-management resources required for each role and support task.
- Set expiry and offboarding on every vendor identity Give third-party access a defined end date, enforce recertification, and revoke credentials immediately when the support relationship or maintenance window ends.
What's in the full article
Appgate's full article covers the operational detail this post intentionally leaves for the source:
- A healthcare-specific breakdown of how VPN-centric access models create over-permissioned pathways across clinical environments.
- Practical examples of identity-driven access controls for clinicians, vendors, and distributed care settings.
- Appgate's own positioning on how ZTNA can be applied to EHR, imaging, telehealth, and remote maintenance workflows.
- Implementation-oriented benefits for audit visibility, third-party connectivity, and performance in care delivery.
👉 Read Appgate's analysis of healthcare access security beyond the perimeter →
Healthcare access security beyond VPNs: what IAM teams must fix?
Explore further
Broad network trust is the wrong governance model for healthcare access. Healthcare environments now combine remote clinicians, external vendors, cloud services, and connected medical devices. A VPN that opens the network after login does not distinguish between a one-system task and a broad trust relationship. That is a governance failure, not just a configuration issue. Practitioners should stop treating network admission as equivalent to access authorization.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which widens the control gap between policy and implementation.
A question worth separating out:
Q: Who is accountable when third-party access is overextended in a hospital?
A: The accountable teams are identity governance, security architecture, and the business owners who approve access, because they define the scope and lifecycle of external identities. HIPAA and HITECH expectations make it hard to defend broad, persistent access that is not tied to a documented need and an auditable control set.
👉 Read our full editorial: Healthcare access security is moving beyond perimeter trust