Because the device is reused by multiple people across shifts, so the organisation must prove who had access, when the session ended, and whether the endpoint was reset. If those controls are weak, credential sharing and lingering sign-in sessions become routine workarounds.
Why This Matters for Security Teams
Shared clinical devices compress identity, access, and endpoint hygiene into a single operational problem. A nurse, doctor, contractor, or technician may all touch the same workstation in a shift, which means the organisation must prove who authenticated, whether the session was truly terminated, and whether the next user inherited any residual access. That is an identity risk, not just a device-management issue. The pattern mirrors broader NHI exposure seen across enterprises, where identity reuse and weak lifecycle control drive compromise; NHI governance guidance in the Ultimate Guide to NHIs shows why lingering credentials and incomplete revocation are such common failure points.
In healthcare, the stakes are higher because shared endpoints often sit near clinical systems, patient data, prescribing tools, and administrative privileges. When sign-in state persists across users, the device itself becomes a bridge between identities, making audit trails unreliable and access boundaries porous. Current guidance from the NIST Cybersecurity Framework 2.0 reinforces the need for strong identity assurance, continuous protection, and logged accountability, but the real challenge is operational: shared workflows are often optimised for speed, not revocation discipline. In practice, many security teams encounter credential sharing and stale sessions only after a privacy incident or medication-system access review has already exposed the gap.
How It Works in Practice
Risk emerges when the device is treated as the trusted boundary instead of the user session. If staff can walk up, resume a previous login, or bypass re-authentication because the workstation was left unlocked, the environment loses attribution. Clinical teams often need fast handoffs, so controls must support short sessions, automatic lockout, and clear re-entry checks without creating unsafe delays at the point of care.
Effective control design usually combines several layers:
- Per-user authentication with automatic session termination at shift change, logoff, or inactivity timeout.
- Fast re-authentication for clinical workflows, such as badge tap, PIN, smart card, or passwordless re-entry where policy allows.
- Endpoint state reset so cached tokens, open browser sessions, and local app tokens do not survive user turnover.
- Central logging that ties every session to a named user, device ID, and time window for audit and incident response.
- Privileged access restrictions so admin tools, medication systems, and EHR functions are not reachable through inherited context.
For identity governance, the same lesson appears in NHI research: long-lived access and poor revocation create persistent exposure. The Top 10 NHI Issues highlights how weak lifecycle control and excessive privilege expand attack paths, and the OWASP Non-Human Identity Top 10 is useful here because shared devices often behave like poorly managed service endpoints: access persists longer than intended, and no one can prove when it really ended. Teams should align device workflows with access governance so session state, identity proofing, and endpoint reset are enforced together. These controls tend to break down in high-turnover wards with legacy applications because the applications cannot reliably terminate sessions or re-prompt for identity at handoff.
Common Variations and Edge Cases
Tighter session control often increases clinical friction, requiring organisations to balance patient throughput against identity assurance. That tradeoff is real, especially where emergency care, isolation rooms, or mobile carts make full logoff-and-relogin cycles impractical.
Best practice is evolving toward risk-based patterns rather than one rigid rule for every unit. For example, emergency departments may need shorter inactivity timers and stronger re-entry checks, while low-acuity admin areas can tolerate stricter logout behavior. Shared devices used for imaging, bedside charting, or medication administration may also need different reset rules depending on whether the application is web-based, native, or tied to a local agent that preserves tokens in the background.
There is also a distinction between device sharing and account sharing. Current guidance suggests account sharing should remain prohibited, even if hardware must be shared, because it destroys attribution and undermines incident response. Where a session broker, kiosk mode, or virtual desktop is used, the organisation should still ensure the identity is re-established at each handoff. For maturity planning, NHIMG’s Ultimate Guide to NHIs is a useful benchmark for lifecycle thinking, but healthcare teams should adapt it to clinical continuity rather than copy enterprise IAM patterns unchanged. In the most complex environments, the guidance breaks down when legacy endpoints cannot reliably clear tokens after logout and the clinical application itself retains state across users.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AA-1 | Shared devices need strong identity proofing and session attribution. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Lingering sessions and reused access mirror weak credential lifecycle control. |
| NIST AI RMF | AI RMF governance principles support accountable, traceable access decisions. |
Define ownership, logging, and review for every shared-device access path.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 25, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
