Hybrid Approach to Secure Legacy Healthcare Systems: Integrating Zero Trust and Traditional Security Models
Hybrid Approach to Secure Legacy Healthcare Systems: Integrating Zero Trust and Traditional Security Models |
||
![]() |
![]() |
|
© 2025 by IJETT Journal | ||
Volume-73 Issue-5 |
||
Year of Publication : 2025 | ||
Author : Bashayer Alotaibi, Samah Alajmani |
||
DOI : 10.14445/22315381/IJETT-V73I5P103 |
How to Cite?
Bashayer Alotaibi, Samah Alajmani, "Hybrid Approach to Secure Legacy Healthcare Systems: Integrating Zero Trust and Traditional Security Models," International Journal of Engineering Trends and Technology, vol. 73, no. 5, pp.16-29, 2025. Crossref, https://doi.org/10.14445/22315381/IJETT-V73I5P103
Abstract
Increased dependence on technology within healthcare organizations enhances accessibility and advances the operational efficiency of health services through more immediate diagnoses, faster retrieval of patient records, and enhanced communication among healthcare providers. However, with such advancements in technology, the ongoing utilization of outdated systems like Windows XP and Windows 7 within healthcare organizations is a significant cybersecurity risk. These systems are no longer supported, lack security mechanisms, and are increasingly exposed to attacks like ransomware and data breaches. Thus, sensitive data is extremely exposed to security threats, and continuity of healthcare services is compromised. Traditional perimeter security models, which are still widespread in healthcare organizations, are no longer effective in countering modern threats. To address this, the paper proposes a hybrid security approach that integrates Zero Trust Architecture (ZTA) and traditional perimeter security models. The architecture is proposed to safeguard legacy systems that are impossible to replace and ensure patient information remains secure for both remote and internal users. The primary aim of this research is to provide a pragmatic and adaptable solution to reduce cybersecurity risks associated with legacy systems. The suggested architecture was tested virtually to simulate real-world attack scenarios. The findings indicate that the hybrid model is successful in detecting and preventing threats, enhancing visibility, and enhancing security in healthcare environments that rely on legacy infrastructure.
Keywords
Healthcare organizations, Legacy systems, Perimeter security model, Security, Zero Trust Architecture (ZTA).
References
[1] Shipu Debnath, “Integrating Information Technology in Healthcare: Recent Developments, Challenges, and Future Prospects for Urban and Regional Health,” World Journal of Advanced Research and Reviews, vol. 19, no. 1, pp. 455-463, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[2] Vijayasekhar Duvvur, “Securing the Future: Strategies for Modernizing Legacy Systems and Enhancing Cybersecurity,” Journal of Artificial Intelligence & Cloud Computing, vol. 1, no. 3, pp. 1-3, 2022.
[CrossRef] [Publisher Link]
[3] George A. Gellert et al., “Zero Trust and The Future of Cybersecurity in Healthcare Delivery Organizations,” Journal of Hospital Administration, vol. 12, no. 1, pp. 1-8, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Muhammad Jamshid Khan, “Zero Trust Architecture: Redefining Network Security Paradigms in the Digital Age,” World Journal of Advanced Research and Reviews, vol. 19, no. 3, pp. 105-116, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Dan Tyler, and Thiago Viana, “Trust No One? A Framework for Assisting Healthcare Organisations in Transitioning to a Zero-Trust Network Architecture,” Applied Sciences, vol. 11, no. 16, pp. 1-18, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Parisasadat Shojaei, Elena Vlahu-Gjorgievska, and Yang-Wai Chow, “Security and Privacy of Technologies in Health Information Systems: A Systematic Literature Review,” Computers, vol. 13, no. 2, pp. 1-25, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[7] “International Conference on Communication Technologies (ComTech 2017),” Institute of Electrical and Electronics Engineers (IEEE), Rawalpindi, Pakistan, pp. 1-219, 2017.
[Publisher Link]
[8] Brian Eastwood, Tips for Health Systems on Managing Legacy Systems to Strengthen Security, HealthTech Magazine, 2024. [Online]. Available: https://healthtechmagazine.net/article/2023/01/tips-health-systems-managing-legacy-systems-strengthen-security
[9] Stephen Northcutt, Inside Network Perimeter Security, 2nd ed., Sams, 2005.
[Google Scholar] [Publisher Link]
[10] Yuanhang He et al., “A Survey on Zero Trust Architecture: Challenges and Future Trends,” Wireless Communications and Mobile Computing, vol. 2022, no. 1, pp. 1-13, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[11] M-Trends 2022 Mandiant Special Report, Executive-Summary, 2022. [Online]. Available: https://mandiant.widen.net/s/kxbbdppzzk/m-trends-2022-executive-summary
[12] Saeid Ghasemshirazi, Ghazaleh Shirvani, and Mohammad Ali Alipour, “Zero Trust: Applications, Challenges, and Opportunities,” arXiv, pp. 1-23, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Grant Ho et al., “Hopper: Modeling and Detecting Lateral Movement (Extended Report),” arXiv, pp. 1-20, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[14] Kaspersky Finds 73% of Healthcare Providers Use Medical Equipment with a Legacy OS, Kaspersky, 2024. [Online]. Available: https://usa.kaspersky.com/about/press-releases/kaspersky-finds-73-of-healthcare-providers-use-medical-equipment-with-a-legacy-os
[15] Rising Cyber Incidents Challenge Healthcare Organizations, Help Net Security, 2023. [Online]. Available: https://www.helpnetsecurity.com/2023/08/30/cyber-incidents-challenge-healthcare-organizations/
[16] Department of Health, Investigation: WannaCry cyber-attack on the NHS, UK National Audit Office, pp. 1-35, 2018, [Online]. Available: https://www.nao.org.uk/reports/investigation-wannacry-cyber-attack-and-the-nhs/
[17] Jericho Forum™ Commandments, The Need for Trust, 2007. [Online]. Available: https://collaboration.opengroup.org/jericho/commandments_v1.2.pdf
[18] John Kindervag, Build Security Into Your Network’s DNA: The Zero Trust Network Architecture, paloaltonetworks, pp. 1-27, 2010. [Online]. Available: https://media.paloaltonetworks.com/documents/Forrester-Build-Security-Into-Your-Network.pdf
[19] Scott Rose et al., “Zero Trust Architecture,” National Institute of Standards and Technology, pp. 1-59, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[20] Malcolm Shore, Sherali Zeadally, and Astha Keshariya, “Zero Trust: The What, How, Why, and When,” Computer Society, vol. 54, no. 11, pp. 26-35, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[21] Hongzhaoning Kang et al., “Theory and Application of Zero Trust Security: A Brief Survey,” Entropy, vol. 25, no. 12, pp. 1-26, 2023.
[CrossRef] [Google Scholar] [Publisher Link]
[22] Biplob Paul, and Muzaffar Rao, “Zero-Trust Model for Smart Manufacturing Industry,” Applied Sciences, vol. 13, no. 1, pp. 1-20, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[23] Claudio Zanasi et al., “A Zero Trust Approach for the Cybersecurity of Industrial Control Systems,” 2022 IEEE 21st International Symposium on Network Computing and Applications (NCA), Boston, MA, USA, pp. 1-7, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[24] Abdul Rahman et al., “Implementation of Zero Trust Security in MSME Enterprise Architecture: Challenges and Solutions,” Sinkron: Journal and Research of Informatics Engineering, vol. 8, no. 3, pp. 2077-2087, 2024.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Rania M. Habash, and Mahmood K. Ibrahem, “Zero Trust Security Model for Enterprise Networks,” Iraqi Journal of Information and Communication Technology, vol. 6, no. 2, pp. 68-77, 2024.
[CrossRef] [Google Scholar] [Publisher Link]