<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2849132&amp;fmt=gif">

Insights from Healthcare CISOs

Medical Device Security: A Conversation with Industry Leaders at RSAC 2025

Watch Elisity's RSAC Interview with David Holmes, CTO for Application Security at Imperva, and well-known industry analyst for cybersecurity and Field CTO - CISO at Claroty discuss about the past present and future or Network Segmentation and Healthcare IT.

RSAC 2025 Interview Summary: The Golden Age of Microsegmentation in Healthcare IT

At RSAC 2025, David Holmes (CTO, Imperva) and Skip Sorrels (Field CTO/CISO, Claroty) explored the revolutionary transformation of network segmentation in healthcare environments, highlighting how modern solutions are finally solving decade-old challenges.

Healthcare's Unique Challenge

Sorrels, drawing from six years as a healthcare CISO, highlighted the sector's distinct challenge: medical devices with 15-20 year lifespans that eventually lose vendor security support while remaining clinically operational. "Risk begins to go up while the useful lifespan continues," he explained. "The only way you can really buy yourself time is through microsegmentation."

Traditional NAC implementations promised 2-3 year deployment cycles but delivered operational nightmares. With millions of IPs active daily and the impossibility of installing agents on IoMT devices, healthcare organizations faced insurmountable barriers to effective network segmentation.

Elisity's Breakthrough: Network-Based Microsegmentation

Holmes proclaimed we're in "the golden age of microsegmentation," specifically citing how Elisity solved what legacy vendors couldn't. "Elisity actually gets the network to do the work," he emphasized, contrasting this with the decade-long struggle where network vendors failed because "the networking community is in the business of connecting things, not shutting them down."

Unlike traditional approaches requiring agents or complex VLANs, Elisity enables rapid implementation using existing infrastructure—crucial for healthcare where IoMT devices cannot support agents and clinical operations cannot tolerate disruption.

Claroty-Elisity Integration: Accelerating Value

The integration fundamentally changes microsegmentation economics. Sorrels described their automated workflow: when Claroty detects a new device, it communicates with Elisity to determine if it's a "known good entity," automatically assigning appropriate segmentation or quarantining for evaluation.

This automation solves what Holmes called the traditional microsegmentation nightmare—years of traffic analysis followed by an "enforcement button" that breaks critical systems. Instead, the solution enables "horizontal microsegmentation" where policies apply based on Claroty-identified device types (e.g., all video cameras restricted to specific server communications).

HHS 405(d) and HIPAA Compliance

This approach directly addresses HHS 405(d) requirements and HIPAA mandates for network segmentation. Healthcare organizations can now implement granular segmentation, enforce least-privilege access, and maintain real-time visibility—all without the operational overhead that made compliance nearly impossible with legacy solutions.

"Quarantine" capabilities, previously non-existent in traditional microsegmentation, now allow healthcare IT to evaluate unknown devices without completely blocking potentially critical clinical equipment—addressing the fear of "mad clinicians" when legitimate devices are denied access.

Zero Trust Pragmatism

Both experts offered realistic Zero Trust perspectives. Rather than treating it as unreachable nirvana, they emphasized progress through replacing implicit trust with explicit policy. "If you're doing it in the network with Elisity and you're in blocking mode, you have made huge strides toward Zero Trust," Holmes stated.

AI's Healthcare Impact

The conversation concluded with AI security insights. Sorrels shared how his organization immediately blocked ChatGPT after discovering clinicians unknowingly introduced PHI into AI platforms through dictation and x-ray uploads. Both agreed that while AI-Zero Trust integration remains nascent, foundational microsegmentation becomes even more critical as healthcare explores AI adoption.

This RSAC discussion illuminated how modern microsegmentation solutions like Elisity, integrated with platforms like Claroty, are finally delivering practical, implementable network security that addresses healthcare's unique challenges while meeting stringent regulatory requirements.

 

Small_Logo
Mainline-customer-spotlight-image

Customer Spotlight

“Elisity has changed how we look at microsegmentation solutions overall and we have now experienced how Elisity is the easiest to implement and easiest to manage.”

— Aaron Weismann, CISO, Main Line Health

Home_Eyebrow

Network Segmentation Without Compromise

Transform network security with identity-based microsegmentation that enables Zero Trust in weeks, not years.

The Numbers

Main Line Health deploys Elisity microsegmentation enterprise-wide across their Cisco infrastructure with Armis integration, providing comprehensive protection at every facility with network presence.

6,000+

Actively Enforced Policies

+100k

IoT, OT, and IoMT Devices Protected

150

Hospitals, Health centers and physicians' practices

3

Days to Deploy

Challenge

Expanded Attack Surface

The proliferation of connected medical and IoT devices has expanded the attack surface across clinical environments, creating new attack vectors that cybercriminals exploit to gain unauthorized access to critical patient care systems and protected health information (PHI). With thousands of devices spanning multiple facilities, healthcare organizations struggle to maintain visibility and control.​

Down_arrow
challenge-solution_icon

Elisity Solution

Comprehensive Healthcare Visibility

Elisity IdentityGraph™ transforms your switches into data sensors that automatically discover and classify all connected devices—including medical equipment, IoMT devices, clinical workstations, and building management systems—providing complete visibility across your entire healthcare environment without disrupting patient care. This visibility extends across all facilities in your healthcare system.​

Challenge

Legacy Medical Device Vulnerabilities

Clinical devices and IoMT systems often run legacy software, proprietary operating systems, or have long replacement cycles, making them impossible to patch regularly or secure with traditional endpoint solutions. These devices represent a significant portion of a healthcare organization's infrastructure but remain largely unprotected by conventional security tools.​

Down_arrow
challenge-solution_icon

Elisity Solution

HIPAA-Compliant Segmentation

Easily implement the network segmentation controls required by the 2025 HIPAA Security Rule update through identity-based policy groups that logically segment your clinical environment without complex VLAN configurations or network architecture changes. Our solution aligns with HHS 405(d) guidelines to help you achieve favorable regulatory treatment.​

Challenge

HIPAA Compliance Complexity

Meeting stringent HIPAA Security Rule requirements, especially the new 2025 mandated network segmentation controls, becomes increasingly difficult with traditional approaches that require complex VLAN configurations and static firewall rules. HHS 405(d) Health Industry Cybersecurity Practices (HICP) further emphasizes the need for robust network protection through segmentation.​

Down_arrow
challenge-solution_icon

Elisity Solution

Zero-Disruption Deployment

Deploy medical microsegmentation using your existing network infrastructure without requiring new hardware, device agents, or clinical downtime—maintaining continuous patient care operations critical to healthcare environments with multiple facilities and thousands of caregivers.​

Frame 427319008

Clinical Continuity

Healthcare organizations cannot tolerate disruptions to patient care that traditional security implementations often require, creating resistance to implementing proper security controls while maintaining 24/7 clinical operations across multiple hospitals and specialty clinics.​

Down_arrow
challenge-solution_icon

Elisity Solution

Phased Security Implementation

Roll out your fine-tuned policies in waves using Elisity's Simulation Mode to analyze policy impact, identify potential issues, and refine policies before full-scale deployment, safeguarding your clinical operations while strengthening security posture across your entire healthcare organization.​

Resources

Download the 2025 HIPAA Security Rule Update: Network Segmentation Implementation Guide

Discover how Elisity's identity-based microsegmentation helps healthcare organizations meet the 2025 HIPAA Security Rule's mandatory network segmentation requirements without disrupting critical operations

Download Here
HIPAA-Whitepaper-Download-image-Big

Healthcare Networks & Medical Device Security FAQ

See how Elisity helps healthcare organizations secure legacy and connected medical devices while maintaining compliance and clinical operations. These FAQs answer the most common questions from security and clinical engineering teams.

Many medical devices run outdated systems and can’t have agents installed. How can we protect these vulnerable devices?

Elisity’s identity-based microsegmentation secures each device at the network level without requiring any software on the device. By limiting communications to only what’s necessary for care, it shields legacy and unpatchable medical equipment from threats.

We have thousands of IoMT devices and strict regulations (HIPAA, HHS 405(d)) to meet. Can Elisity help us stay compliant?

Yes, Elisity automatically discovers and classifies all connected medical devices, then enforces healthcare-specific segmentation policies that protect patient data. It also provides the documentation and visibility needed to demonstrate compliance with industry security requirements.

Will deploying microsegmentation disrupt patient care or critical medical services?

No, Elisity’s solution is non-disruptive and uses your existing network, so you can roll out security policies without any downtime. You can even simulate and verify policies before enforcement to ensure there’s no impact on essential healthcare operations.

Our hospital security team is stretched thin managing multiple tools. How does Elisity simplify medical device security?

Elisity consolidates network access control into one platform that’s aware of clinical context. This unified, automated approach means fewer consoles to manage and consistent enforcement across all devices, freeing up your team from manual device-by-device configurations.

Back to top

Ready to Get Started?

Secure Your Network now

Don't let threats take you by surprise. Reclaim control of your network's security posture with Elisity. Unlock enhanced threat detection and policy management capabilities to achieve cybersecurity objectives confidently.

Overview

Schedule a Demo Today

Resources

2026 Cybersecurity Budget: Complete Enterprise Planning Guide
2026 Cybersecurity Budget: Complete Enterprise Planning Guide
Enterprise Architecture Security

2026 Cybersecurity Budget: Complete Enterprise Planning Guide

13 min read
OT Asset Inventory: CISA's 2025 Guide to Modern Defensible Architecture
Zero Trust

OT Asset Inventory: CISA's 2025 Guide to Modern Defensible Architecture

10 min read
How Claude AI Weaponized Lateral Movement: Why Machine-Speed Pivots Are Every CISO's New Nightmare
Zero Trust

How Claude AI Weaponized Lateral Movement: Why Machine-Speed Pivots Are Every CISO's New Nightmare

9 min read