
Insights from CISOs

St. Luke’s: 15 hospitals microsegmented in 46 days

How the St. Luke’s security team replaced a decade of failed Zero Trust attempts with identity-based microsegmentation across 85,000 IoMT devices.


Customer Spotlight

“We deployed Elisity across 15 hospitals, 350 practices, and 85,000 devices. In two months.”

— David Finkelstein, CISO, St. Luke’s University Health Network

Challenge


Saying “no” to clinicians put patient innovation at risk.

Five years of trying to architect microsegmentation had stalled. Multi-million-dollar imaging scanners, biomedical equipment, and a new iON robotic surgical platform couldn’t tolerate disruption. The security team had earned a reputation as the “army of no,” blocking clinical innovation including remote-assisted surgery that lets providers thousands of miles away support patients in real time.


Elisity Solution


From blocker to enabler in 46 days.

Within an afternoon of a proof of concept, Elisity showed live traffic visibility and answered every architectural question. St. Luke’s went from no microsegmentation to full enterprise-wide enforcement in 46 days, two weeks ahead of the CISO’s deadline, while the lead architect ran 12 other concurrent projects. iON surgical robots came online. Security shifted from blocker to partner.

Challenge


One ransomware event could take down the network.

With 85,000 connected devices spanning 15 hospitals, 350 physician practices, and 75 square miles, a single ransomware foothold could cascade across the environment and disrupt patient care system-wide. Containment couldn’t depend on patching legacy biomedical devices that often can’t be patched at all.


Elisity Solution


Blast radius contained to a switch or a few devices.

St. Luke’s now enforces thousands of identity-based policies across IT, OT, and IoMT in a single platform. If ransomware lands, blast radius is limited to a switch or a handful of devices instead of taking down the network. The same identity-based policies map to NIST, HIPAA Security Rule, and HHS 405(d) HICP segmentation requirements.


Resources

Get the Elisity healthcare solution brief.

See how Elisity’s identity-based microsegmentation helps healthcare organizations like St. Luke’s protect IoMT, contain ransomware blast radius, and meet HHS 405(d) and HIPAA Security Rule segmentation requirements without disrupting patient care.


Healthcare microsegmentation FAQs

Common questions from healthcare security teams evaluating microsegmentation. Answers reflect the approach St. Luke’s and other hospital systems take with Elisity.

How do you deploy microsegmentation across a multi-hospital health system?

St. Luke’s University Health Network deployed Elisity identity-based microsegmentation across 15 hospitals and 85,000 connected devices in 46 days, without new agents, hardware, or VLAN redesign. The team used existing Cisco switches as policy enforcement points, integrated with Armis for medical device discovery, and rolled out site-by-site after a one-time Virtual Edge install. Most health systems take 18 to 24 months with legacy approaches. Learn how Elisity microsegmentation works for healthcare.

How does Elisity protect medical devices that can’t run security agents?

Most medical devices, including infusion pumps, imaging systems, and surgical robots, can’t accept endpoint agents because of FDA validation constraints and clinical safety requirements. Elisity solves this with agentless identity-based microsegmentation: it ingests device telemetry from the network and from partners like Armis, builds a real-time identity for each device, then enforces least-privilege policy on the existing access switches. St. Luke’s protected 85,000 medical and IoT devices this way. See the Armis and Elisity integration.

How does microsegmentation contain ransomware lateral movement in hospital networks?

Ransomware in hospitals causes catastrophic damage by spreading laterally between unprotected medical devices and clinical workstations. Elisity contains the blast radius by enforcing identity-based, least-privilege policies on every existing access switch, blocking unauthorized east-west traffic before encryption can spread. At St. Luke’s, this turned 15 hospitals from a single flat network into 85,000 individually contained policy zones. Read how identity-based microsegmentation stops lateral movement.

Will deploying microsegmentation disrupt patient care or clinical operations?

No. Elisity deploys in observation-only mode first, mapping every device-to-device communication before any policy is enforced. Security teams review and approve flows before turning on enforcement, so legitimate clinical traffic is never blocked unexpectedly. St. Luke’s brought 15 hospitals and 85,000 devices online in 46 days with zero clinical disruption, including imaging, infusion, and surgical robotics. See the Elisity microsegmentation deployment process.

How does microsegmentation help meet HIPAA Security Rule and HHS 405(d) HICP requirements?

Both the proposed 2026 HIPAA Security Rule update and HHS 405(d) HICP recommend network segmentation as a core safeguard. Elisity satisfies these by isolating ePHI systems, medical devices, and clinical workstations through identity-based policies enforced on existing infrastructure: no new hardware, no flat VLANs. Auditors get policy logs and traffic visibility per device. St. Luke’s used Elisity to align with both frameworks across 15 hospitals. Read the HHS 405(d) HICP segmentation guide.

How fast can a hospital system deploy Zero Trust microsegmentation?

Traditional microsegmentation projects in healthcare typically take 18 to 36 months. Identity-based microsegmentation deploys in weeks because it uses existing access switches as enforcement points and requires no agents on medical devices. St. Luke’s University Health Network went from contract signature to full enforcement across 15 hospitals and 85,000 devices in 46 days. See how identity-based microsegmentation accelerates Zero Trust.


Customer Spotlight

“Elisity has changed how we look at microsegmentation solutions overall and we have now experienced how Elisity is the easiest to implement and easiest to manage.”

— Aaron Weismann, CISO, Main Line Health

Network Segmentation Without Compromise

Transform network security with identity-based microsegmentation that enables Zero Trust in weeks, not years.

The Numbers

Main Line Health deploys Elisity microsegmentation enterprise-wide across their Cisco infrastructure with Armis integration, providing comprehensive protection at every facility with network presence.

6,000+ actively enforced policies

+100k IoT, OT, and IoMT devices protected

150 hospitals, health centers, and physicians' practices

3 days to deploy

Challenge

Expanded Attack Surface

The proliferation of connected medical and IoT devices has expanded the attack surface across clinical environments, creating new attack vectors that cybercriminals exploit to gain unauthorized access to critical patient care systems and protected health information (PHI). With thousands of devices spanning multiple facilities, healthcare organizations struggle to maintain visibility and control.


Elisity Solution

Comprehensive Healthcare Visibility

Elisity IdentityGraph™ transforms your switches into data sensors that automatically discover and classify all connected devices—including medical equipment, IoMT devices, clinical workstations, and building management systems—providing complete visibility across your entire healthcare environment without disrupting patient care. This visibility extends across all facilities in your healthcare system.

Challenge

Legacy Medical Device Vulnerabilities

Clinical devices and IoMT systems often run legacy software, proprietary operating systems, or have long replacement cycles, making them impossible to patch regularly or secure with traditional endpoint solutions. These devices represent a significant portion of a healthcare organization's infrastructure but remain largely unprotected by conventional security tools.


Elisity Solution

HIPAA-Compliant Segmentation

Easily implement the network segmentation controls required by the 2025 HIPAA Security Rule update through identity-based policy groups that logically segment your clinical environment without complex VLAN configurations or network architecture changes. Our solution aligns with HHS 405(d) guidelines to help you achieve favorable regulatory treatment.

Challenge

HIPAA Compliance Complexity

Meeting stringent HIPAA Security Rule requirements, especially the new 2025 mandated network segmentation controls, becomes increasingly difficult with traditional approaches that require complex VLAN configurations and static firewall rules. HHS 405(d) Health Industry Cybersecurity Practices (HICP) further emphasize the need for robust network protection through segmentation.


Elisity Solution

Zero-Disruption Deployment

Deploy medical microsegmentation using your existing network infrastructure without requiring new hardware, device agents, or clinical downtime—maintaining continuous patient care operations critical to healthcare environments with multiple facilities and thousands of caregivers.


Clinical Continuity

Healthcare organizations cannot tolerate disruptions to patient care that traditional security implementations often require, creating resistance to implementing proper security controls while maintaining 24/7 clinical operations across multiple hospitals and specialty clinics.


Elisity Solution

Phased Security Implementation

Roll out your fine-tuned policies in waves using Elisity's Simulation Mode to analyze policy impact, identify potential issues, and refine policies before full-scale deployment, safeguarding your clinical operations while strengthening security posture across your entire healthcare organization.

Resources

Download the 2025 HIPAA Security Rule Update: Network Segmentation Implementation Guide

Discover how Elisity's identity-based microsegmentation helps healthcare organizations meet the 2025 HIPAA Security Rule's mandatory network segmentation requirements without disrupting critical operations.


Get Started

Stop East-West Attacks, Microsegment Your Networks

Learn why and how large enterprises are reducing risks and accelerating their Zero Trust maturity with Elisity. 

Healthcare Networks & Medical Device Security FAQ

See how Elisity helps healthcare organizations secure legacy and connected medical devices while maintaining compliance and clinical operations. These FAQs answer the most common questions from security and clinical engineering teams.

Many medical devices run outdated systems and can’t have agents installed. How can we protect these vulnerable devices?

Elisity’s identity-based microsegmentation secures each device at the network level without requiring any software on the device. By limiting communications to only what’s necessary for care, it shields legacy and unpatchable medical equipment from threats.

We have thousands of IoMT devices and strict regulations (HIPAA, HHS 405(d)) to meet. Can Elisity help us stay compliant?

Yes, Elisity automatically discovers and classifies all connected medical devices, then enforces healthcare-specific segmentation policies that protect patient data. It also provides the documentation and visibility needed to demonstrate compliance with industry security requirements.

Will deploying microsegmentation disrupt patient care or critical medical services?

No, Elisity’s solution is non-disruptive and uses your existing network, so you can roll out security policies without any downtime. You can even simulate and verify policies before enforcement to ensure there’s no impact on essential healthcare operations.

Our hospital security team is stretched thin managing multiple tools. How does Elisity simplify medical device security?

Elisity consolidates network access control into one platform that’s aware of clinical context. This unified, automated approach means fewer consoles to manage and consistent enforcement across all devices, freeing up your team from manual device-by-device configurations.
