On April 8, 2025, I had the privilege of joining an incredible webinar titled Keys to Charting an Optimal Zero Trust Journey. Alongside Erik Decker, VP/CISO of Intermountain Healthcare, and Greg Garneau, System VP/CISO of Hospital Sisters Health System, we explored what Zero Trust truly means for healthcare organizations. Under the expert moderation of Anthony Guerra from HealthSystemCIO, the discussion gave me the chance to reflect on both the challenges of implementing Zero Trust and the powerful opportunities it creates.Zero Trust isn’t just a framework for cybersecurity—it’s about rethinking how we operate as an organization. It’s about tackling complexity, protecting patients, and, perhaps most importantly, creating an environment where innovation flourishes and daily workflows are smoother and easier for everyone involved. As someone who’s dedicated my career to improving healthcare IT, I left the conversation more inspired than ever about how Zero Trust can transform our industry.More Than Just a Security ModelOne key insight that Erik shared during the webinar rang deeply true for me: Zero Trust isn’t just a security model; it’s a mindset. For years, healthcare relied on the idea that everything within an organization’s internal environment was safe. But in today’s world—with adversaries constantly developing new tactics—we simply can’t afford that assumption.Zero Trust operates on the principle that no one and nothing should be trusted by default, even if it’s already within our walls. In practice, this means authenticating and verifying each user and device across the organization continuously. But it’s bigger than just defense. By rejecting the old perimeter-focused mentality, Zero Trust creates an architecture where resilience and efficiency thrive. It doesn’t just protect systems; it empowers innovation and collaboration by giving employees safe and seamless access to the tools they need.For example, as we discussed, clinicians working in Zero Trust environments often report smoother workflows when outdated systems are replaced with intelligent, secure solutions. Imaging specialists, remote radiologists, and even telehealth practitioners experience fewer disruptions because their access protocols are streamlined without sacrificing security. These improvements matter—not just to IT departments managing risk but to the doctors and care teams providing life-saving treatments daily.“Less downtime, less delays…makes my job easier…,” reports Dr. Devon Klein, Chairman of Radiology and Radiation Oncology at Overlook Medical Center. Watch this video to hear how investment in Zero Trust is helping Atlantic Health System’s Radiologists to deploy a secure, innovative practice where remote radiologists can quickly and easily access workflows and medical imaging systems. From Tangled Wires to Modern EleganceOne of the most striking metaphors shared during the webinar was Erik’s comparison of healthcare IT infrastructure to tangled power lines in Manila—chaotic, outdated, and nearly impossible to modernize. Anyone in healthcare IT can relate to this. For years, we’ve layered security solutions on top of legacy systems rather than addressing the foundational issues slowing us down.Zero Trust isn’t about patchwork fixes; it’s about working smarter. It allows organizations to modernize gradually and without disruption, building new systems alongside legacy infrastructure while ensuring everything is secure and cohesive. This shift—away from chaos and toward clarity—untangles IT complexity while creating space for new ideas, tools, and practices to emerge.In healthcare, this means we can focus on what truly matters: improving patient care. By eliminating friction in IT workflows and reducing vulnerabilities, Zero Trust clears the way for solutions like AI-assisted diagnosis, predictive analytics, and digital health platforms to thrive. Security isn’t just about protecting what we have—it’s about enabling tomorrow’s innovations.Building Coalitions and Driving ChangeShifting an organization to Zero Trust is no small feat, but it’s not insurmountable either. As Erik, Greg, and I discussed, everything begins with leadership buy-in and careful coalition-building. Change can feel threatening to teams who are comfortable with the status quo, but reframing the conversation in terms of security, patient care, and innovation can transform resistance into enthusiasm.In my experience, the key is helping teams understand the adversarial reality we face. Cyberattacks don’t target organizations at large—they target individuals, data, systems, and workflows. When IT teams realize that the vulnerabilities they deal with every day are exactly what adversaries exploit, they become more open to implementing solutions that simplify their responsibilities and protect their work.It’s equally critical to communicate the benefits beyond security. Zero Trust improves usability and operational efficiency. Accessing platforms becomes faster, onboarding vendors simpler, and recovering from disruptions smoother. These are gains everyone can rally around, even outside the security domain.Zero Trust: A Catalyst for Seamless Security and Bold InnovationOne of my favorite moments during the webinar came when Erik expressed how Zero Trust does more than secure organizations—it enables them to innovate safely. As healthcare IT continues to intersect with patient outcomes, operational efficiency, and clinical workflows, Zero Trust evolves into a catalyst for growth. By instilling security into the DNA of systems and workflows, healthcare organizations gain confidence to explore new tools, adopt transformative practices, and focus on delivering better care without worrying about exposing themselves to unnecessary risks.At its core, Zero Trust improves resilience. It doesn’t matter how sophisticated a breach might be—what matters is how quickly and effectively we can recover without compromising operations. For clinicians, this means fewer disruptions during critical procedures. For patients, it means uninterrupted access to life-saving treatments. And for IT teams, it means working smarter, not harder, to keep the entire ecosystem running smoothly.Looking ForwardAs healthcare leaders, our responsibility goes beyond protecting systems. We’re safeguarding patients, clinicians, and operations that countless lives depend on. Zero Trust isn’t just a defensive strategy—it’s a chance to build something stronger, smarter, and more innovative.Rather than seeing Zero Trust as a challenge, I see it as an opportunity to elevate healthcare IT, untangle complexity, and create seamless, secure experiences for everyone involved. As we move forward with these principles, I challenge my peers to think bigger and aim higher. Together, we can reimagine the architecture of trust and innovation in healthcare.To explore the webinar that inspired this reflection, visit: Keys to Charting an Optimal Zero Trust Journey. For a deeper dive, check out our Zero Trust Hospital book series.Let’s build the future of healthcare security, one step at a time.
[#item_full_content] On April 8, 2025, I had the privilege of joining an incredible webinar titled Keys to Charting an Optimal Zero Trust Journey. Alongside Erik Decker, VP/CISO of Intermountain Healthcare, and Greg Garneau, System VP/CISO of Hospital Sisters Health System, we explored what Zero Trust truly means for healthcare organizations. Under the expert moderation of Anthony Guerra from HealthSystemCIO, the discussion gave me the chance to reflect on both the challenges of implementing Zero Trust and the powerful opportunities it creates.Zero Trust isn’t just a framework for cybersecurity—it’s about rethinking how we operate as an organization. It’s about tackling complexity, protecting patients, and, perhaps most importantly, creating an environment where innovation flourishes and daily workflows are smoother and easier for everyone involved. As someone who’s dedicated my career to improving healthcare IT, I left the conversation more inspired than ever about how Zero Trust can transform our industry.More Than Just a Security ModelOne key insight that Erik shared during the webinar rang deeply true for me: Zero Trust isn’t just a security model; it’s a mindset. For years, healthcare relied on the idea that everything within an organization’s internal environment was safe. But in today’s world—with adversaries constantly developing new tactics—we simply can’t afford that assumption.Zero Trust operates on the principle that no one and nothing should be trusted by default, even if it’s already within our walls. In practice, this means authenticating and verifying each user and device across the organization continuously. But it’s bigger than just defense. By rejecting the old perimeter-focused mentality, Zero Trust creates an architecture where resilience and efficiency thrive. It doesn’t just protect systems; it empowers innovation and collaboration by giving employees safe and seamless access to the tools they need.For example, as we discussed, clinicians working in Zero Trust environments often report smoother workflows when outdated systems are replaced with intelligent, secure solutions. Imaging specialists, remote radiologists, and even telehealth practitioners experience fewer disruptions because their access protocols are streamlined without sacrificing security. These improvements matter—not just to IT departments managing risk but to the doctors and care teams providing life-saving treatments daily.“Less downtime, less delays…makes my job easier…,” reports Dr. Devon Klein, Chairman of Radiology and Radiation Oncology at Overlook Medical Center. Watch this video to hear how investment in Zero Trust is helping Atlantic Health System’s Radiologists to deploy a secure, innovative practice where remote radiologists can quickly and easily access workflows and medical imaging systems. From Tangled Wires to Modern EleganceOne of the most striking metaphors shared during the webinar was Erik’s comparison of healthcare IT infrastructure to tangled power lines in Manila—chaotic, outdated, and nearly impossible to modernize. Anyone in healthcare IT can relate to this. For years, we’ve layered security solutions on top of legacy systems rather than addressing the foundational issues slowing us down.Zero Trust isn’t about patchwork fixes; it’s about working smarter. It allows organizations to modernize gradually and without disruption, building new systems alongside legacy infrastructure while ensuring everything is secure and cohesive. This shift—away from chaos and toward clarity—untangles IT complexity while creating space for new ideas, tools, and practices to emerge.In healthcare, this means we can focus on what truly matters: improving patient care. By eliminating friction in IT workflows and reducing vulnerabilities, Zero Trust clears the way for solutions like AI-assisted diagnosis, predictive analytics, and digital health platforms to thrive. Security isn’t just about protecting what we have—it’s about enabling tomorrow’s innovations.Building Coalitions and Driving ChangeShifting an organization to Zero Trust is no small feat, but it’s not insurmountable either. As Erik, Greg, and I discussed, everything begins with leadership buy-in and careful coalition-building. Change can feel threatening to teams who are comfortable with the status quo, but reframing the conversation in terms of security, patient care, and innovation can transform resistance into enthusiasm.In my experience, the key is helping teams understand the adversarial reality we face. Cyberattacks don’t target organizations at large—they target individuals, data, systems, and workflows. When IT teams realize that the vulnerabilities they deal with every day are exactly what adversaries exploit, they become more open to implementing solutions that simplify their responsibilities and protect their work.It’s equally critical to communicate the benefits beyond security. Zero Trust improves usability and operational efficiency. Accessing platforms becomes faster, onboarding vendors simpler, and recovering from disruptions smoother. These are gains everyone can rally around, even outside the security domain.Zero Trust: A Catalyst for Seamless Security and Bold InnovationOne of my favorite moments during the webinar came when Erik expressed how Zero Trust does more than secure organizations—it enables them to innovate safely. As healthcare IT continues to intersect with patient outcomes, operational efficiency, and clinical workflows, Zero Trust evolves into a catalyst for growth. By instilling security into the DNA of systems and workflows, healthcare organizations gain confidence to explore new tools, adopt transformative practices, and focus on delivering better care without worrying about exposing themselves to unnecessary risks.At its core, Zero Trust improves resilience. It doesn’t matter how sophisticated a breach might be—what matters is how quickly and effectively we can recover without compromising operations. For clinicians, this means fewer disruptions during critical procedures. For patients, it means uninterrupted access to life-saving treatments. And for IT teams, it means working smarter, not harder, to keep the entire ecosystem running smoothly.Looking ForwardAs healthcare leaders, our responsibility goes beyond protecting systems. We’re safeguarding patients, clinicians, and operations that countless lives depend on. Zero Trust isn’t just a defensive strategy—it’s a chance to build something stronger, smarter, and more innovative.Rather than seeing Zero Trust as a challenge, I see it as an opportunity to elevate healthcare IT, untangle complexity, and create seamless, secure experiences for everyone involved. As we move forward with these principles, I challenge my peers to think bigger and aim higher. Together, we can reimagine the architecture of trust and innovation in healthcare.To explore the webinar that inspired this reflection, visit: Keys to Charting an Optimal Zero Trust Journey. For a deeper dive, check out our Zero Trust Hospital book series.Let’s build the future of healthcare security, one step at a time.
