Microsegmentation in Healthcare: Omdia Survey Findings
by William Toll on Jun 26, 2026 9:21:23 AM
Nearly half of healthcare security leaders experienced a lateral movement attack in the past year, according to a 2025 Omdia survey of 176 healthcare security leaders. Yet only 9% of organizations have protected more than 80% of their critical systems with microsegmentation in healthcare environments. That gap between intent and execution carries a measurable cost: healthcare data breaches averaged $7.42 million per incident in 2025, the highest of any sector for the fourteenth consecutive year, according to IBM. And the threat is accelerating. Health-ISAC reported a 55% surge in cyber incidents targeting the health sector in 2025, with ransomware remaining the most persistent and damaging threat.
To understand how healthcare organizations are responding, we commissioned Omdia to survey 352 cybersecurity decision makers across healthcare and manufacturing. The healthcare cohort (N=176) reveals a sector that overwhelmingly recognizes microsegmentation as essential, but has struggled to move from legacy network controls to the identity-based approaches these environments demand. This post breaks down those findings and what they mean for healthcare CISOs weighing IoMT security, HIPAA compliance, and an expanding attack surface.
Key Findings: Healthcare Microsegmentation in 2025
- 99% of all surveyed organizations are implementing or planning microsegmentation, yet only 9% have protected more than 80% of critical systems (Omdia 2025, N=352 across healthcare and manufacturing)
- Nearly 1 in 2 security leaders experienced a lateral movement attack in the past year, even as 57% rank microsegmentation as their top initiative to stop it
- 74% of healthcare respondents say visiting clinicians require the most granular segmentation consideration, followed by clinical staff at 72% (Omdia, N=164)
- 59% cite patient monitoring systems as the devices presenting the greatest segmentation challenges, followed by IoMT devices at 55% (Omdia, N=176)
- 69% demand identity-based controls as the most desirable microsegmentation capability, while 44% cite complete device visibility as their most critical gap
- Only 22% have hands-on experience with modern microsegmentation tools, revealing an awareness gap as much as an execution gap
The Healthcare Threat Landscape: Why Microsegmentation in Healthcare Is Urgent
Microsegmentation in healthcare is the practice of enforcing granular, identity-based access boundaries between every device, user, and system on a clinical network, so that a compromised device cannot move laterally to reach patient monitors, infusion pumps, or electronic health records. Healthcare is under sustained attack. The 2025 Ponemon/Proofpoint study found that 93% of healthcare organizations experienced at least one cyberattack in the prior 12 months, averaging 43 attacks per organization. But data loss is not even the primary concern anymore. Among organizations that suffered attacks, 72% reported disruptions to patient care, 54% reported increases in medical procedure complications, and 29% reported increases in patient mortality rates.
Survey respondents in the Omdia study described what this looks like on the ground: ransomware encrypting electronic health records and delaying treatment, corrupted laboratory information systems leading to misreported results, compromised infusion pumps and ventilators, disrupted telemedicine platforms. One respondent flagged the risk of malware going undetected while modifying patient records, leading to incorrect treatment decisions. Another raised concerns about ransomware targeting blood bank systems, preventing access to critical supplies.
And there are simply more devices to defend than ever. The average hospital now houses 10 to 15 connected medical devices per bed, and 89% of healthcare organizations operate connected medical devices with known exploitable vulnerabilities. When a single compromised device can enable lateral movement across an entire hospital network, the case for microsegmentation becomes a patient safety issue, not just an IT one.
Intent Versus Execution: The Healthcare Microsegmentation Gap
The Omdia survey data shows ambition outpacing implementation. Across all 352 respondents, 99% are either implementing or planning microsegmentation. The business drivers are clear: Zero Trust strategy (68%), regulatory compliance (60%), ransomware and lateral movement risk (54%).
Actual coverage looks very different. Only 9% report that more than 80% of critical systems are protected. Meanwhile, 40% report coverage of just 21% to 50%, and 21% report coverage of 20% or less. By their own assessment, over 90% of organizations are falling behind.
In healthcare, partial coverage is especially dangerous. An attacker who gains access through an unsegmented IoMT device can move laterally to reach electronic health records, prescription systems, or clinical workstations. Partial segmentation creates a false sense of security while leaving critical pathways exposed.
Despite ranking first among planned security priorities, microsegmentation sits near the bottom at 24% among currently deployed Zero Trust initiatives. Healthcare organizations know they need it. They just haven’t been able to get there with legacy tools.
Why Legacy Segmentation Methods Are Failing Healthcare
The Omdia data confirms what many healthcare security teams have experienced firsthand: traditional network segmentation methods were not built for clinical environments. When asked which methods they had tried, respondents reported VLANs (53%), ACLs (49%), host-based firewalls (44%), NAC (35%), fabric overlay (17%), and agent-based approaches (12%).
Each carries significant limitations in healthcare. VLANs and ACLs require manual configuration for every device and network change. In a hospital where beds are reassigned, devices are mobile, and visiting clinicians connect daily, static network constructs can’t keep pace. NAC depends on agents and 802.1X authentication, which most IoMT devices, patient monitors, and infusion pumps don’t support. Agent-based microsegmentation requires software on every endpoint, which isn’t feasible when you’re dealing with thousands of FDA-regulated medical devices that can’t accept third-party software.
Integration compounds the problem. Healthcare respondents ranked SIEM, EDR, and SOAR integration as their top challenge with previous microsegmentation efforts (more than 50% selected this). When security operations teams already manage dozens of tools, a microsegmentation solution that can’t feed data into existing SIEM workflows or respond to EDR alerts creates yet another silo.
The industry does recognize progress: 62% say microsegmentation is easier to deploy than five years ago. Easier doesn’t mean easy enough, though, when most teams are still running on legacy methods designed for static data center environments, not dynamic clinical networks.
The Familiarity Gap: An Awareness Problem as Much as an Execution Problem
One of the most revealing findings in the Omdia survey is the disconnect between microsegmentation awareness and hands-on experience. Only 22% of respondents describe themselves as “very familiar” with modern microsegmentation tools. Another 42% say “moderately familiar,” 31% say “slightly familiar,” and 5% report no familiarity at all.
That’s a striking number. Modern microsegmentation has shifted significantly in recent years, and identity-based approaches operate fundamentally differently from the VLAN and ACL methods that most practitioners cut their teeth on. (For background on how IT, OT, IoMT, and SOC teams can align around these new approaches, see the alignment guide.) When 78% of the market lacks direct experience with these newer tools, purchasing decisions, deployment timelines, and success metrics all suffer.
In healthcare, this gap is compounded by clinical complexity. Security teams need to understand not just network topology, but clinical workflows, device communication patterns, and regulatory requirements. A microsegmentation approach that requires deep networking expertise to configure and maintain will stay stuck in pilot mode. One that operates at the identity layer, automatically classifying devices and applying policy based on what a device is rather than where it sits, can close the gap between intent and execution.
Healthcare-Specific Challenges: Clinicians, Devices, and Compliance
The User Segmentation Challenge
Healthcare faces a segmentation complexity few other industries share: a constantly rotating population of authorized users, each requiring different access levels. The Omdia survey asked healthcare respondents (N=164) which user types require the most granular segmentation consideration:
- Visiting clinicians: 74%
- Clinical staff: 72%
- Equipment vendors: 39%
- Temporary workers: 37%
- Service contractors: 34%
- Equipment suppliers: 32%
- Maintenance staff: 31%
- Remote engineers: 25%
- Third-party support: 24%
- OT system integrators: 21%
Visiting clinicians at 74% and clinical staff at 72% tower over every other category. A visiting surgeon who needs access to imaging systems, patient records, and surgical equipment for a single procedure represents a segmentation use case that VLANs and ACLs were never designed to handle. That access must be provisioned, monitored, and revoked within hours, not days.
The Device Segmentation Challenge
On the device side, healthcare respondents (N=176) identified which devices present the greatest segmentation challenges:
- Patient monitoring systems: 59%
- Medical devices and IoMT: 55%
- Remote access terminals: 44%
- Robotic systems: 41%
- Contractor devices and BYOD: 38%
- Building management systems: 36%
- Mobile clinical devices: 31%
- Vendor-managed equipment: 24%
Patient monitoring systems and IoMT devices top the list because they share traits that defeat legacy approaches: embedded operating systems that can’t accept agents, proprietary protocols, continuous connectivity requirements for patient safety, and default credentials that can’t be changed without voiding warranties or FDA clearance. These devices matter most for patient outcomes, and they’re the hardest to protect with traditional methods. For a deeper look at how healthcare organizations are managing medical device security and exploitability, see our companion analysis.
HIPAA and Compliance Pressure
Regulatory requirements add urgency. The proposed HIPAA Security Rule updates reclassify network segmentation from an “addressable” implementation specification to a mandatory requirement under 45 CFR 164.312(a). Healthcare organizations will need to demonstrate that they have implemented technical controls to segment electronic information systems, creating clear boundaries between operational and IT networks. HHS is expected to finalize these updates by mid-2026, with a compliance deadline approximately 240 days after publication.
The Omdia survey reflects this regulatory pressure. Across all respondents, regulatory compliance ranks as the second-highest business driver for microsegmentation at 60%, and 32% cite cyber insurance requirements as a direct business driver. For healthcare CISOs, microsegmentation is becoming a compliance obligation, not just a security best practice.
| Capability | Legacy (VLANs, ACLs, NAC) | Modern Identity-Based Microsegmentation |
|---|---|---|
| Infusion pump segmentation | Requires manual VLAN assignment per pump; no agent support; static rules | Auto-classified by device identity; policy applied based on make, model, and clinical function |
| Patient monitor protection | Flat network or broad VLAN grouping; limited visibility into communication patterns | Granular policy per device type; continuous traffic visibility; lateral movement blocked by default |
| Visiting clinician access | Guest VLAN with broad access or manual provisioning; days to configure | Identity-aware policy grants role-appropriate access upon authentication; minutes to provision |
| Clinical workstation control | ACLs tied to a physical network port; policy breaks when device moves between rooms or floors | Policy follows the device identity regardless of physical location or network port |
| HIPAA compliance reporting | Manual documentation of segmentation rules; difficult to audit | Centralized policy management with compliance reporting and audit trails |
| SIEM and EDR integration | Limited; ACL logs lack device context; manual correlation required | Native integration with SIEM, EDR, and SOAR; identity-enriched telemetry |
| Deployment timeline | Months to years; requires network re-architecture | Weeks; leverages your existing network infrastructure without forklift upgrades |
What Healthcare Organizations Want: Identity-Based Microsegmentation
When asked to identify the most desirable microsegmentation capabilities, the answers left little ambiguity. Identity-based microsegmentation leads at 69%, followed by lateral movement prevention at 54%, fast deployments at 51%, cloud-delivered management at 48%, and comprehensive device visibility at 44%.
These preferences map directly to the challenges we’ve outlined. Identity-based controls solve the visiting clinician problem by defining access based on who the user is and what device they’re using, not which network port they connect to. Fast deployments address the reality that healthcare security teams can’t dedicate years to a segmentation project. And device visibility closes the gap that 44% identified as their most critical shortfall.
There’s a broader shift in perception here, too. Survey respondents reinforced this: 85% agree that modern microsegmentation provides greater risk reduction than traditional methods, 75% agree that microsegmentation is essential for lateral movement prevention, and 70% agree that traditional segmentation is no longer sufficient. On that point the data is settled. The question is no longer whether to adopt modern microsegmentation; it’s how to do it without disrupting clinical operations.
For healthcare specifically, identity-based approaches align with how clinical workflows actually function. A nurse moving between units needs consistent access to patient records regardless of which workstation or floor they’re on. An IoMT device relocated from one wing to another needs its security policy to follow it. These are identity problems, not network topology problems.
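The point that policy should follow what a device is rather than where it sits, as an added example (not Elisity's or any product's code): a subnet-keyed ACL and an identity-keyed, default-deny policy are evaluated for the same devices, including a relocated pump and a time-boxed visiting-clinician grant. The class labels, addresses, ports and the grant model are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Asset:
    name: str
    device_class: str  # what the device is (hypothetical class labels)
    ip: str            # where it currently sits (constructed addresses)


@dataclass(frozen=True)
class Grant:
    """Time-boxed access for one named identity, e.g. a visiting clinician."""
    asset_name: str
    dst_class: str
    port: int
    expires: datetime


# Legacy model: permit by source subnet, destination IP and port.
SUBNET_ACL = [(ip_network("10.20.4.0/24"), ip_address("10.50.0.10"), 443)]

# Identity model: permit by (source class, destination class, port).
# Anything not listed is denied.
IDENTITY_POLICY = {
    ("infusion_pump", "pump_server", 443),
    ("clinical_workstation", "ehr", 443),
}


def acl_allows(src: Asset, dst: Asset, port: int) -> bool:
    """Location-based decision: only the source subnet and destination IP matter."""
    return any(
        ip_address(src.ip) in net and ip_address(dst.ip) == dst_ip and port == p
        for net, dst_ip, p in SUBNET_ACL
    )


def identity_allows(src: Asset, dst: Asset, port: int,
                    now: datetime, grants=()) -> bool:
    """Identity-based decision: device class first, then unexpired named grants."""
    if (src.device_class, dst.device_class, port) in IDENTITY_POLICY:
        return True
    return any(
        g.asset_name == src.name and g.dst_class == dst.device_class
        and g.port == port and now < g.expires
        for g in grants
    )


def compare() -> dict:
    """Evaluate both models on constructed devices; values are (acl, identity)."""
    now = datetime(2026, 1, 5, 8, 0)
    server = Asset("pump-srv", "pump_server", "10.50.0.10")
    imaging = Asset("pacs-1", "imaging", "10.50.0.20")
    pump = Asset("pump-17", "infusion_pump", "10.20.4.15")
    moved = Asset("pump-17", "infusion_pump", "10.20.7.15")  # same pump, other wing
    kiosk = Asset("kiosk-3", "guest_kiosk", "10.20.4.99")    # non-pump on pump subnet
    laptop = Asset("dr-visiting", "clinician_laptop", "10.30.1.5")
    grants = [Grant("dr-visiting", "imaging", 443, now + timedelta(hours=6))]
    return {
        "pump_home": (acl_allows(pump, server, 443),
                      identity_allows(pump, server, 443, now)),
        "pump_moved": (acl_allows(moved, server, 443),
                       identity_allows(moved, server, 443, now)),
        "kiosk_on_pump_subnet": (acl_allows(kiosk, server, 443),
                                 identity_allows(kiosk, server, 443, now)),
        "pump_to_imaging": identity_allows(pump, imaging, 443, now),
        "visitor_in_window": identity_allows(
            laptop, imaging, 443, now + timedelta(hours=1), grants),
        "visitor_after_expiry": identity_allows(
            laptop, imaging, 443, now + timedelta(hours=7), grants),
    }


if __name__ == "__main__":
    for case, verdict in compare().items():
        print(f"{case}: {verdict}")
```

The relocated pump loses access under the ACL but keeps it under the identity policy, while the kiosk that merely shares the pump subnet is permitted by the ACL and denied by identity.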
Microsegmentation in Healthcare and HIPAA Alignment
The convergence of the proposed HIPAA Security Rule updates and the Omdia survey findings creates urgency, but it also provides a useful framework. The proposed rule requires covered entities to implement network segmentation controls, maintain a technology asset inventory, and produce network maps showing data flows for ePHI systems. These aren’t aspirational guidelines; they’re enforceable requirements with financial penalties.
Consider how identity-based microsegmentation maps to the core elements of the proposed rule:
- Asset inventory and network mapping: Modern microsegmentation platforms begin with thorough asset discovery and classification, building the exact inventory and network maps that the proposed rule requires
- Access control (45 CFR 164.312): Identity-based policies enforce least-privilege access at the device and user level, satisfying the requirement for technical controls that restrict access to ePHI
- Audit controls: Centralized policy management and identity-enriched logging provide the audit trails and compliance documentation that OCR reviewers require
- Transmission security: Microsegmentation controls which devices and users can communicate with ePHI systems, addressing the requirement to guard against unauthorized access during transmission
OCR’s 2025 enforcement actions reinforce the connection between segmentation and compliance. The office resolved 21 HIPAA violation cases in 2025, collecting over $8.3 million in penalties, with 76% of enforcement actions including a penalty for risk analysis failures. Organizations that lack visibility into their network, the very visibility that microsegmentation provides, are the ones most exposed to enforcement risk.
A Practical Path Forward: Four Priorities for Healthcare CISOs
Where does this leave healthcare security leaders? The Omdia data points to four practical priorities.
1. Start with Comprehensive Device Visibility
You cannot segment what you cannot see. With 44% of respondents citing device visibility as their most critical gap, the first priority is building a complete, continuously updated inventory of every asset on your network: managed IT endpoints, IoMT devices, building management systems, and the devices that visiting clinicians and vendors bring in daily. Platforms that integrate with clinical asset intelligence tools from vendors like Claroty (Medigate) and Armis can accelerate discovery without requiring agents on medical devices.
2. Prioritize Identity Over Network Topology
The survey data is unambiguous: 69% want identity-based controls, and the top segmentation challenges (visiting clinicians, clinical staff, patient monitors, IoMT) are all identity problems. Evaluate solutions that define policy based on asset and user identity rather than IP addresses, VLANs, or physical network ports. This is especially critical for your teams dealing with visiting clinician access (74% flagged this), where static network constructs can’t keep pace.
3. Demand Integration with Your Existing Security Stack
With SIEM, EDR, and SOAR integration ranking as the top challenge, any microsegmentation deployment must work with your existing tools, not alongside them. The Omdia data shows integration requirements led by SIEM (67%), EDR (54%), SOAR (49%), and identity platforms (43%). A solution that feeds identity-enriched telemetry into your SIEM and responds to EDR alerts by tightening policies in real time will actually reduce your team’s workload instead of adding to it. (For more on how the healthcare security vendor landscape is evolving to meet these integration demands, see the 2026 vendor roundup.)
4. Align Deployment with HIPAA Timelines
With the proposed HIPAA Security Rule expected to be finalized by mid-2026 and a compliance deadline roughly 240 days later, the window to move from planning to execution is narrowing. Use this timeline to justify your budget, accelerate proof-of-concept evaluations, and establish baseline segmentation for your highest-risk assets: patient monitoring systems, IoMT devices, and ePHI systems.
Moving from Data to Action
The Omdia 2025 microsegmentation survey reveals a healthcare sector at an inflection point. The intent is there: 99% are implementing or planning microsegmentation. The awareness is there: 57% rank it as their top initiative for stopping lateral movement. But the execution lags dangerously behind, with only 9% achieving meaningful coverage of critical systems.
The path forward isn’t more effort behind the same legacy approaches. Healthcare environments, with their mix of IoMT devices, visiting clinicians, and regulatory obligations, require an identity-based approach. The respondents are saying this themselves: 69% want identity-based controls, 85% agree modern microsegmentation provides greater risk reduction, and 70% acknowledge traditional segmentation is no longer sufficient.
The Omdia 2025 data points to one conclusion: legacy VLAN and ACL segmentation cannot protect modern clinical networks, and identity-based microsegmentation is the approach healthcare security leaders now prefer (69%) and consider essential (75%). For healthcare CISOs, the question has shifted from “should we pursue microsegmentation” to “how quickly can we deploy an approach that actually works for clinical environments.” The data points to identity-based microsegmentation that works with existing infrastructure, integrates with the security tools teams already run, and moves at the speed healthcare demands. Identity-based microsegmentation platforms, including Elisity, are designed to address exactly these requirements: protecting patient data and clinical systems without disrupting clinical care delivery. St. Luke’s University Health Network shows what that looks like in practice, microsegmenting 15 hospitals and 85,000 connected devices in just 46 days without interrupting patient care.
Download the complete Omdia 2025 microsegmentation survey eBook for the full findings, including detailed data on deployment patterns, integration requirements, and the roadmap to modern microsegmentation.
Frequently Asked Questions About Microsegmentation in Healthcare
What is microsegmentation in healthcare, and why does it matter for patient safety?
Microsegmentation in healthcare creates granular, policy-enforced boundaries between devices, users, and systems on a hospital network. Unlike traditional network segmentation (which groups devices into broad VLANs), microsegmentation isolates individual medical devices, workstations, and IoMT systems based on identity and function. It prevents an attacker who compromises one device from moving laterally to reach patient monitors, infusion pumps, or EHRs. With 72% of healthcare organizations reporting care disruptions from cyberattacks, containment through microsegmentation is a clinical priority.
How does microsegmentation help with HIPAA compliance?
The proposed updates to the HIPAA Security Rule reclassify network segmentation from an “addressable” specification to a mandatory requirement. Healthcare organizations will need to demonstrate technical controls that segment systems storing or transmitting ePHI. Microsegmentation supports compliance by providing full asset discovery (required for risk analysis), enforcing least-privilege access, generating audit trails, and restricting unauthorized communication between segments. With OCR collecting over $8.3 million in HIPAA penalties in 2025, and 76% of enforcement actions tied to risk analysis failures, organizations without effective segmentation face increasing regulatory exposure.
Why is identity-based microsegmentation better than VLANs for medical device security?
VLANs require manual assignment and static rules. In a healthcare environment with 10 to 15 connected devices per bed and visiting clinicians connecting daily, that approach can’t provide per-device protection. Identity-based microsegmentation classifies each device by what it is (make, model, function, risk profile) rather than where it sits. An infusion pump gets the same policy regardless of which floor or network port it connects to. The Omdia survey confirms the preference: 69% want identity-based controls, and 70% agree traditional segmentation is no longer sufficient.
What are the biggest barriers to deploying microsegmentation in healthcare?
The survey identifies compounding barriers: an experience gap (only 22% have hands-on familiarity with modern tools), reliance on legacy methods that can’t handle IoMT devices, and SIEM/EDR/SOAR integration ranked as the top challenge. Add the complexity of healthcare networks, where patient monitoring systems (59%), medical devices (55%), and visiting clinicians (74%) all require specialized segmentation, and it’s clear why traditional approaches have stalled. Overcoming these barriers requires agentless deployment, identity-based policy enforcement, and native integration with existing security tools.
How long does microsegmentation take to deploy in a hospital?
Modern identity-based microsegmentation deploys in weeks rather than the months or years legacy methods require, because it uses your existing network infrastructure and does not need agents on medical devices. St. Luke’s University Health Network microsegmented 15 hospitals and 85,000 connected devices in 46 days without interrupting patient care. The Omdia survey found fast deployment is the third most desired capability (51%), behind identity-based controls (69%) and lateral movement prevention (54%).
Further Reading
- Download the Omdia 2025 Microsegmentation Survey eBook
- Microsegmentation in Manufacturing: Omdia Survey Findings
- Case Study Video: St. Luke’s Microsegments 15 Hospitals and 85,000 Devices in 46 Days
- Healthcare Microsegmentation at 15 Hospitals: The St. Luke’s Story
- HIMSS and Elisity Microsegmentation Survey on Medical Device Security
- The HIPAA Security Rule 2026: What Hospital CISOs Must Do in 240 Days
- The Ultimate Guide to IT, OT, IoMT and SOC Team Alignment
- Top Healthcare Cybersecurity Vendors 2026
- Medical Device Security 2026: From Vulnerability to Exploitability
- Gartner Cool Vendors in CPS Security 2025
About the Author
William Toll is Head of Product Marketing at Elisity, where he leads go-to-market strategy for identity-based microsegmentation across healthcare, manufacturing, and critical infrastructure. With deep expertise in cybersecurity, Zero Trust architecture, and IoT/OT security, William focuses on translating complex security challenges into practical solutions for enterprise security teams. Connect with him on LinkedIn.