They struggle because clinical access is now distributed across cloud EHRs, vendors, remote staff, and connected devices, while firewall rules still assume relatively fixed network boundaries. That creates brittle policy trees, audit gaps, and misconfiguration risk. Network location is too coarse to express the identity and context needed for care delivery.
Why This Matters for Security Teams
network segmentation still matters in healthcare, but it was designed for a world where traffic stayed inside a smaller set of managed boundaries. Modern care delivery is different: EHRs are cloud-hosted, specialists work remotely, vendors connect through third parties, and connected devices often need to reach services outside the local subnet. That makes IP-based trust too coarse for the way clinical access actually works, especially when the real control point is the identity behind the request. NIST’s NIST SP 800-207 Zero Trust Architecture reflects this shift by moving trust decisions closer to the request rather than the network edge.The operational problem is not only exposure, but also brittleness. Firewall trees and VLAN exceptions become a maze of one-off rules that are hard to audit and easy to break during clinical change windows. NHIMG notes in the Ultimate Guide to NHIs that 90% of IT leaders say properly managing NHIs is essential for a successful zero-trust implementation, which is directly relevant here because many “network” exceptions are really identity exceptions in disguise. In practice, many security teams discover segmentation gaps only after a new integration, remote workflow, or device rollout has already created an access path that the original network model never anticipated.
How It Works in Practice
The practical failure point is that healthcare access is increasingly governed by who or what is calling, from where, for what purpose, and under what assurance level. Network models can still separate broad zones, but they struggle to express the context needed for clinical operations. A nurse on a managed laptop, a billing application using an API key, and a telemetry device pushing vitals all look very different at the identity layer, even when they traverse similar infrastructure.Current guidance suggests using segmentation as a containment layer, not as the primary authorization model. That means pairing network controls with workload identity, strong device posture, and policy decisions that evaluate context at runtime. In zero trust terms, the network becomes one input, not the source of truth. For NHI-heavy healthcare environments, the Ultimate Guide to NHIs is useful because it frames service accounts, API keys, and third-party access as governance objects that need lifecycle control, not just firewall placement. The operational sequence is usually:
- classify each workload, device, and vendor integration by identity type and clinical function
- replace broad subnet trust with least-privilege policies tied to application and user identity
- use short-lived credentials and explicit service-to-service authorization where possible
- log and review access decisions at the identity and workload layer, not only at the perimeter
For architecture teams, this usually means combining segmentation with policy engines and centralized identity governance rather than trying to make firewall rules do all the work. These controls tend to break down when legacy medical devices cannot support modern identity standards because the network becomes the only enforceable control left.
Common Variations and Edge Cases
Tighter segmentation often increases operational overhead, requiring organisations to balance isolation against clinical agility and device compatibility. That tradeoff is especially sharp in environments with legacy imaging systems, unmanaged biomedical equipment, and third-party support channels that cannot easily join modern identity frameworks. In those cases, best practice is evolving, but there is no universal standard for replacing network trust everywhere at once.One common edge case is third-party vendor access. A vendor may need to support multiple sites, but the network model only sees a remote tunnel, not the specific application or ticket that justifies access. Another is internet-connected medical devices that require outbound connectivity to cloud management services, where static allowlists become hard to maintain. NHIMG’s Ultimate Guide to NHIs also highlights the scale problem: NHIs outnumber human identities by 25x to 50x in modern enterprises, which means segmentation-only approaches quickly become unmanageable when every integration gets its own exception. The practical answer is to use segmentation for blast-radius reduction, then enforce identity-aware controls for access decisions that change with task, time, and context.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Access is granted by identity and context, not just network location. |
| NIST Zero Trust (SP 800-207) | Section 3.1 | Zero trust directly addresses why perimeter segmentation is insufficient. |
| OWASP Non-Human Identity Top 10 | NHI-01 | Healthcare integrations often hinge on unmanaged non-human identities and secrets. |
| CSA MAESTRO | TR-2 | Agentic and automated workflows need controls beyond fixed network boundaries. |
| NIST AI RMF | AI-enabled healthcare workflows change access patterns too quickly for static segmentation. |
Assess dynamic clinical workflows for identity, context, and operational risk before granting access.
Related resources from NHI Mgmt Group
- Why do secrets create disproportionate risk in NHI environments?
- What is the difference between a rules-based secret scanner and a hybrid scanner?
- When does regex-based secret detection become too unreliable for production use?
- What is the difference between OT network segmentation and identity-based access control?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org