Hospitals & Zero Trust: AHA & NSA Cybersecurity Guidance
The American Hospital Association (AHA) is advising hospitals and health systems to evaluate adopting a “zero trust” cybersecurity architecture, a strategy gaining traction across critical infrastructure sectors, according to a news release issued February 19.
The recommendation comes as cyberattacks targeting healthcare continue to increase in both sophistication and frequency. Zero trust is a security framework predicated on the belief that no user or device, whether inside or outside an organization’s network, should be automatically trusted. Instead, every access request is verified before being granted.
Scott Gee, AHA deputy national advisor for cybersecurity and risk, stated that implementing zero trust can “further reduce” cyber risk for hospitals through a “structured process.” The AHA’s guidance follows the recent release of implementation guidelines from the National Security Agency (NSA) for zero trust architecture.
While the NSA’s guidance is detailed, Gee noted it wasn’t specifically designed for the healthcare industry, but can be adapted to meet the unique needs of hospitals and health systems. The AHA offers a Cybersecurity and Risk Advisory Service to assist member organizations in navigating these challenges, according to the organization’s website.
The shift to zero trust represents a fundamental change in how healthcare organizations approach data security, moving away from traditional perimeter-based defenses. Experts suggest this is not merely a technological upgrade but a complete rethinking of security protocols. However, the AHA acknowledged that the cost of implementing a zero trust architecture could be substantial, potentially prohibitive for some organizations.
The AHA’s recommendation reflects a growing concern within the healthcare sector about the escalating threat landscape. A recent report from Becker’s Hospital Review highlighted the AHA’s endorsement of the strategy, noting the NSA’s role in providing implementation guidance.
