Zero Trust That Protects Every Bed
At a glance
- Service: Cybersecurity Advisory, Zero Trust Implementation, Cloud & Data Security
- Industry: Life Sciences & Healthcare
A regional pediatric hospital network operated one acute-care hospital, two main campuses and over 20 outpatient sites, with more than 20,000 connected endpoints across IT, IoT and Internet of Medical Things (IoMT). The environment grew organically for over a decade: flat VLANs, legacy VPNs, vendor tunnels and limited visibility into which devices actually handled protected health information (PHI). A single compromised endpoint could move laterally into clinical systems, imaging platforms or nurse call infrastructure within minutes.
LeanCoded was engaged to define and execute a practical Zero Trust roadmap. Over twelve months, we delivered a hospital-wide device and PHI inventory, identity-centric access controls and micro-segmentation for clinical and IoMT networks. The programme increased device visibility from ~60% to 98%, reduced high-risk flat segments by 72% and cut containment time for ransomware-style incidents from about an hour to under five minutes, using a mix of cloud security assessment, managed cyber security operations and modern network security cloud computing patterns.
From Flat Network to Risk-Based Zero Trust
When “trusted internal network” stopped working
Before the programme, most of the hospital’s security assumptions were perimeter-based. Internal networks were treated as trusted; medical devices and workstations shared large, flat segments; third-party vendors had standing VPN access for support. The security team estimated that they could reliably identify only around 60% of connected devices, and those records were spread across CMDBs, spreadsheets and switch configs. Incidents were handled reactively, with manual triage of firewall logs and ad-hoc blocking rules.
At the same time, the hospital was investing in new digital services: connected infusion pumps, remote monitoring, telehealth and cloud-based imaging archives. Each new project increased the attack surface without a clear view of exposure. The CIO and CISO needed a way to reduce lateral movement risk and strengthen PHI protection without freezing clinical innovation. They decided to move toward a Zero Trust model, using cybersecurity advisory support from LeanCoded to translate the principle of “never trust, always verify” into concrete controls and roadmaps the clinical and IT teams could work with.
Four-phase rollout anchored in real device data
LeanCoded started with a six-week discovery and cloud security assessment. We deployed passive monitoring at core sites, integrated DHCP and directory data, and analysed network flows to build a live inventory of endpoints and systems. In total, we identified approximately 23,500 devices and applications, including 4,800+ IoMT devices and 1,900 systems directly storing or processing PHI. Each was scored on three axes: criticality to patient care, capability to run agents, and external exposure.
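The discovery step above correlates three sources (passive network flows, DHCP leases and directory records) into one inventory and then scores each device on the three named axes. The following is an added illustration, not LeanCoded's tooling or data: the records, MAC addresses, hostnames, the `PHI_SYSTEMS` list and the scoring weights are all constructed, and the internal-address prefixes are a simplified placeholder for the real RFC 1918 ranges.

```python
"""Correlate passive flows, DHCP leases and directory records into a device
inventory and score each device on criticality, agent capability and exposure.
All records below are constructed sample data for this example."""
from dataclasses import dataclass, field

# Constructed inputs: each source sees a different slice of the estate.
PASSIVE_FLOWS = [  # observed by passive sensors at core sites
    {"mac": "00:1a:2b:00:00:01", "ip": "10.20.1.15", "peer": "10.20.5.2", "port": 104, "proto": "tcp"},
    {"mac": "00:1a:2b:00:00:01", "ip": "10.20.1.15", "peer": "203.0.113.9", "port": 443, "proto": "tcp"},
    {"mac": "00:1a:2b:00:00:02", "ip": "10.20.1.40", "peer": "10.20.9.1", "port": 445, "proto": "tcp"},
    {"mac": "00:1a:2b:00:00:03", "ip": "10.20.7.8", "peer": "10.20.9.1", "port": 389, "proto": "tcp"},
]
DHCP_LEASES = [
    {"mac": "00:1a:2b:00:00:01", "ip": "10.20.1.15", "hostname": "infusion-pump-0412", "vendor_class": "PumpCo"},
    {"mac": "00:1a:2b:00:00:02", "ip": "10.20.1.40", "hostname": "NURSE-WS-17", "vendor_class": "MSFT 5.0"},
    {"mac": "00:1a:2b:00:00:04", "ip": "10.20.3.70", "hostname": "printer-l3", "vendor_class": "PrintCo"},
]
DIRECTORY = [  # domain-joined machines and whether an endpoint agent is installed
    {"hostname": "NURSE-WS-17", "os": "Windows 11", "agent": True},
    {"hostname": "PACS-DB-01", "os": "RHEL 9", "agent": True},
]
PHI_SYSTEMS = {"PACS-DB-01", "infusion-pump-0412"}  # curated by clinical engineering (constructed)
INTERNAL_PREFIXES = ("10.", "172.16.", "192.168.")    # simplified placeholder for the internal ranges


@dataclass
class Device:
    key: str                                   # MAC when seen on the wire, else hostname
    hostname: str = ""
    ips: set = field(default_factory=set)
    vendor_class: str = ""
    os: str = ""
    agent_capable: bool = False
    handles_phi: bool = False
    external_peers: set = field(default_factory=set)
    sources: set = field(default_factory=set)  # which feeds know about this device


def build_inventory(flows, leases, directory, phi_systems):
    """MAC is the join key for anything seen on the network; directory-only
    hosts are kept under their hostname so the visibility gap stays visible."""
    by_mac = {}
    for lease in leases:
        d = by_mac.setdefault(lease["mac"], Device(key=lease["mac"]))
        d.hostname, d.vendor_class = lease["hostname"], lease["vendor_class"]
        d.ips.add(lease["ip"])
        d.sources.add("dhcp")
    for f in flows:
        d = by_mac.setdefault(f["mac"], Device(key=f["mac"]))
        d.ips.add(f["ip"])
        d.sources.add("passive")
        if not f["peer"].startswith(INTERNAL_PREFIXES):
            d.external_peers.add(f["peer"])
    by_host = {d.hostname: d for d in by_mac.values() if d.hostname}
    for rec in directory:
        d = by_host.get(rec["hostname"])
        if d is None:
            d = Device(key=rec["hostname"], hostname=rec["hostname"])
            by_mac[d.key] = d
        d.os, d.agent_capable = rec["os"], rec["agent"]
        d.sources.add("directory")
    for d in by_mac.values():
        d.handles_phi = d.hostname in phi_systems
    return by_mac


def score(device):
    """Three axes, each 0-3 (weights are constructed). A device that cannot run
    an agent scores high on the agent axis because it needs network controls."""
    crit = 3 if device.handles_phi else (2 if "Pump" in device.vendor_class else 1)
    agent_gap = 0 if device.agent_capable else 3
    exposure = min(3, len(device.external_peers) + (1 if "passive" in device.sources else 0))
    return {"criticality": crit, "agent_gap": agent_gap, "exposure": exposure,
            "total": crit + agent_gap + exposure}


def tier(total):
    return "high" if total >= 7 else ("medium" if total >= 4 else "low")


def coverage_gaps(inventory):
    """Devices never seen on the wire, and wire-only devices with no identity:
    the blind spots a visibility programme has to close before scoring is trusted."""
    return {
        "unobserved": sorted(k for k, d in inventory.items() if "passive" not in d.sources),
        "unidentified": sorted(k for k, d in inventory.items() if not d.hostname),
    }


if __name__ == "__main__":
    inv = build_inventory(PASSIVE_FLOWS, DHCP_LEASES, DIRECTORY, PHI_SYSTEMS)
    for key, dev in inv.items():
        s = score(dev)
        print(f"{key:20} {dev.hostname or '?':22} {tier(s['total']):6} {s}")
    print(coverage_gaps(inv))
```

Note what the gap report reveals: the PHI database `PACS-DB-01` scores low only because no sensor ever observed it, so its exposure is unknown rather than zero. That is why the programme treated closing coverage gaps as Phase 1 and trusted risk tiers only once a device was seen by more than one source.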
On top of this inventory, we defined a four-phase Zero Trust programme. Phase 1 focused on visibility and risk scoring. Phase 2 introduced identity-centric access for staff and external partners, with multi-factor authentication and role-based policies. Phase 3 implemented network and IoMT segmentation, using policy-based micro-segments around critical systems. Phase 4 extended controls to satellite clinics, refined policies based on real incidents and embedded Zero Trust requirements into new project and vendor onboarding processes, supported by custom software development for policy tooling and dashboards.
Making Zero Trust Safe for Clinical Workflows
Zero Trust in a hospital cannot disrupt surgery schedules or ICU workflows. LeanCoded worked with clinical engineering and nursing leadership to map critical clinical journeys: admission, imaging, surgery, ICU, discharge. For each journey we documented which systems, devices and users needed to communicate and where temporary exceptions were acceptable. This mapping drove segmentation boundaries and identity policies.
High-risk systems such as imaging platforms, medication cabinets and operating room equipment were placed behind dedicated gateways. Only authorised roles on compliant devices could reach them, and only over explicitly defined ports and protocols. For vendor access, we replaced standing VPN tunnels with just-in-time access windows, audited session recording and strict scoping to specific systems. All of this was surfaced in a unified dashboard for the security team and operations managers, built as part of a lightweight data security service and custom software development effort.
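The gateway policy described above is a default-deny decision on role, device posture, source segment, port/protocol and, for vendors, an active just-in-time window instead of a standing tunnel. The block below is an added example written for this page, not the hospital's or LeanCoded's policy engine; the segment names, roles, rules, the `PROTECTED` set and the fixed `NOW` timestamp are constructed.

```python
"""Policy decision point for a clinical micro-segment with just-in-time vendor
access. Rules, roles and segment names are constructed for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta

NOW = datetime(2024, 1, 1, 10, 0)  # fixed clock so the example is deterministic


def minutes_later(n):
    return NOW + timedelta(minutes=n)


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_compliant: bool
    src_segment: str
    dst_system: str
    port: int
    proto: str
    at: datetime


@dataclass(frozen=True)
class Rule:
    roles: frozenset
    dst_system: str
    services: frozenset        # allowed (port, proto) pairs
    src_segments: frozenset
    require_compliant: bool = True


# Constructed policy: imaging reachable by radiology roles from clinical
# workstations over DICOM and HTTPS only; the medication cabinet by nursing and
# pharmacy over HTTPS; vendors reach imaging over SSH from a jump segment only.
RULES = [
    Rule(frozenset({"radiologist", "rad_tech"}), "pacs",
         frozenset({(104, "tcp"), (443, "tcp")}), frozenset({"clinical-ws"})),
    Rule(frozenset({"nurse", "pharmacist"}), "med-cabinet",
         frozenset({(443, "tcp")}), frozenset({"clinical-ws"})),
    Rule(frozenset({"vendor"}), "pacs",
         frozenset({(22, "tcp")}), frozenset({"vendor-jump"})),
]
PROTECTED = {"pacs", "med-cabinet", "or-equipment"}  # denied flows here raise an alert


class JitWindows:
    """Just-in-time vendor grants: (user, system) -> expiry. Replaces standing VPN."""
    def __init__(self):
        self._grants = {}

    def grant(self, user, system, start, minutes):
        self._grants[(user, system)] = start + timedelta(minutes=minutes)

    def active(self, user, system, at):
        expiry = self._grants.get((user, system))
        return expiry is not None and at < expiry


def evaluate(req, rules, jit):
    """Default deny. Returns (decision, reason); the reason is the first check
    that failed on the closest matching rule, which is what the audit log needs."""
    reasons = []
    for r in rules:
        if req.dst_system != r.dst_system or req.role not in r.roles:
            continue
        if req.src_segment not in r.src_segments:
            reasons.append("source segment not permitted")
            continue
        if (req.port, req.proto) not in r.services:
            reasons.append("port/protocol not permitted")
            continue
        if r.require_compliant and not req.device_compliant:
            reasons.append("device not compliant")
            continue
        if req.role == "vendor" and not jit.active(req.user, req.dst_system, req.at):
            reasons.append("no active just-in-time window")
            continue
        return "allow", f"matched rule for {r.dst_system}"
    return "deny", reasons[0] if reasons else "no matching rule"


def decide(req, rules, jit, audit):
    """Evaluate, record an audit entry, and flag denied flows toward protected
    systems as lateral-movement alert candidates for the SOC."""
    decision, reason = evaluate(req, rules, jit)
    alert = decision == "deny" and req.dst_system in PROTECTED
    audit.append({"user": req.user, "dst": req.dst_system, "port": req.port,
                  "decision": decision, "reason": reason, "alert": alert})
    return decision, reason, alert


if __name__ == "__main__":
    jit, log = JitWindows(), []
    decide(Request("dr.a", "radiologist", True, "clinical-ws", "pacs", 104, "tcp", NOW), RULES, jit, log)
    decide(Request("nurse.b", "nurse", True, "clinical-ws", "pacs", 445, "tcp", NOW), RULES, jit, log)
    jit.grant("vend.c", "pacs", NOW, 30)
    decide(Request("vend.c", "vendor", True, "vendor-jump", "pacs", 22, "tcp", minutes_later(31)), RULES, jit, log)
    for entry in log:
        print(entry)
```

The second request in the demo is the scenario from the simulated intrusions: a compromised nurse workstation probing the imaging system on SMB has no matching rule, so it is denied and the denial itself becomes the alert, without any signature for the attacker's tooling.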
- Hospital-wide device and PHI inventory
- Risk-based Zero Trust policy model
- IoMT and clinical network segmentation
- Identity-centric access for staff and vendors
- Integrated monitoring and response playbooks
Outcomes for Patients, IT and Security Teams
- Zero Trust visibility instead of blind spots
The hospital moved from approximate counts in spreadsheets to 98% visibility of users, endpoints and systems. Security and clinical engineering now share the same view of on-prem, IoT and IoMT assets, powering more accurate planning, procurement and cloud security network design.
- Lateral movement risk cut by more than two-thirds
Micro-segmentation removed 72% of previously flat, high-risk network segments. Simulated intrusions showed that attackers who compromised a single workstation could no longer move directly into imaging or medication systems; they hit policy boundaries that triggered alerts and automated containment actions.
- Faster, repeatable incident response
Ransomware-style tabletop exercises demonstrated a reduction in containment time from around 60–70 minutes to under five minutes. The SOC can now use standardised playbooks to quarantine specific devices or segments, rather than shutting down whole departments, supported by managed cyber security service operations.
- Lower operational overhead for network teams
Policy-based segmentation and automation cut the volume of manual VLAN and firewall change requests by more than 40% within six months. Network engineers spend more time on capacity planning and fewer hours on ad-hoc rule updates and troubleshooting.
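The containment outcome above rests on playbooks that quarantine a device or segment while leaving clinically essential flows untouched. The block below is an added example of such a scoped playbook, written for this page rather than taken from the hospital's SOC: the segment allow-list graph, the `LIFELINES` set, the device-to-segment map and the severity thresholds are constructed.

```python
"""Scoped containment playbook: isolate the affected device, close its segment's
non-essential outbound flows at high severity, and put transitively reachable
segments under watch. The segment graph and lifeline list are constructed."""
from collections import deque

# Constructed allow-list graph: segment -> {(destination segment, service)}.
ALLOWED_FLOWS = {
    "ward-3-ws": {("pacs", "dicom"), ("ehr", "https"), ("nurse-call", "sip"), ("print", "ipp")},
    "ward-3-iomt": {("monitoring-hub", "hl7"), ("nurse-call", "sip")},
    "pacs": {("archive", "https")},
    "monitoring-hub": {("ehr", "hl7")},
    "ehr": set(), "print": set(), "nurse-call": set(), "archive": set(),
}
# Flows that must survive containment because patient safety depends on them.
LIFELINES = {
    ("ward-3-iomt", "monitoring-hub", "hl7"),
    ("ward-3-ws", "nurse-call", "sip"),
    ("ward-3-iomt", "nurse-call", "sip"),
}
SEGMENT_OF = {"NURSE-WS-17": "ward-3-ws", "infusion-pump-0412": "ward-3-iomt"}


def blast_radius(segment, flows, max_hops=2):
    """Segments reachable from the compromised segment over allowed flows,
    mapped to hop count. Breadth-first so the nearest path length is recorded."""
    seen = {segment: 0}
    queue = deque([segment])
    while queue:
        cur = queue.popleft()
        if seen[cur] >= max_hops:
            continue
        for dst, _service in flows.get(cur, ()):
            if dst not in seen:
                seen[dst] = seen[cur] + 1
                queue.append(dst)
    seen.pop(segment)
    return seen


def containment_plan(device, severity, flows=ALLOWED_FLOWS, lifelines=LIFELINES):
    """Ordered actions for the SOC. Medium severity touches only the device;
    high severity also closes the segment's outbound flows, except lifelines,
    and flags second-hop segments for heightened monitoring."""
    segment = SEGMENT_OF[device]
    actions = [("isolate_device", device, "quarantine-vlan")]
    if severity != "high":
        return actions
    for dst, service in sorted(flows[segment]):
        verb = "keep" if (segment, dst, service) in lifelines else "block"
        actions.append((verb, f"{segment}->{dst}", service))
    for far, hops in sorted(blast_radius(segment, flows).items()):
        if hops >= 2:
            actions.append(("watch", far, f"{hops} hops"))
    return actions


if __name__ == "__main__":
    for step in containment_plan("NURSE-WS-17", "high"):
        print(step)
```

Because the plan is computed from the same allow-list that enforces segmentation, it never has to guess which departments share a VLAN: the blocked set is exactly the segment's permitted flows minus the lifelines, which is what lets the SOC contain a workstation in minutes without taking the ward's nurse-call system offline.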
How LeanCoded Delivers Zero Trust in Healthcare
LeanCoded approaches Zero Trust in hospitals as a joint transformation of security, infrastructure and clinical operations. Our teams combine cybersecurity advisory expertise, cloud security assessment capabilities and custom software development services to deliver Zero Trust architectures that are both secure and clinically usable.
We start with data: discovery, classification and risk scoring. Then we layer controls in the right order — identity, segmentation, monitoring — and validate each step with real clinical workflows. Where teams lack capacity, we help set up SOC processes and partner models similar to a cybersecurity services provider or managed cyber security function, ensuring that Zero Trust policies are actively monitored and improved, not just documented. For hospitals already moving workloads to the cloud, we extend these patterns to SaaS and IaaS estates using network security cloud computing and modern identity platforms, so that clinicians experience one coherent security model, not separate on-prem and cloud worlds.