Pramote Lertnitivanit/istock via
Minimizing healthcare cyberattacks with network segmentation
Network segmentation can improve security, performance and compliance across healthcare environments.
Network segmentation is an architectural approach that separates a computer network into smaller sections to improve security and overall performance. For healthcare organizations, which often deal with complex IT environments and heightened cyber risk, network segmentation can be a valuable tool to mitigate risk and lessen the negative effects of a cyberattack.
Preventing and minimizing cyberattacks has become increasingly important in recent years, as hacking has remained the leading cause of healthcare data breaches since 2017.
Nearly 30 million individuals were impacted by large healthcare data breaches reported to HHS in the first half of 2025 alone, most of which involved hacking or IT incidents.
HHS underscored the importance of network segmentation by suggesting that HIPAA-covered entities be required to implement it as part of the department's proposed updates to the HIPAA Security Rule. Even if the HIPAA Security Rule updates do not pass as written, network segmentation remains a security best practice that can help healthcare organizations reduce risk.
What is network segmentation?
Network segmentation divides a network into subnets, with each subnet working as an independent network.
"If we think about network segmentation, basically what that's allowing you to do is to keep your data, your systems and your applications separated in different security zones, if you will. And that helps to minimize the impact of an intrusion," Steve Cagle, CEO of cybersecurity company Clearwater, said in an interview.
"So, if [organizations] have poor compliance with security practices or they've had breaches or their credentials have been exposed, or they're just susceptible to phishing, and then those user accounts have high access, it's not very good if they can move all throughout the network."
Organizations can use network segmentation to manage large, complex networks more easily, as this strategy allows administrators to set up distinct policies for each subnet and manage the flow of traffic to each.
"If you can start implementing network segmentation, you can start using either logical or physical means of separating business units, different IT departments and really maintaining separation between both OT and IT," Cagle said.
"So, you're separating, for example, your HVAC systems and things like that from your IT environments. You're separating your clinical areas from your administrative areas."
As cyberattacks remain a pervasive threat to healthcare systems, the ability to contain and isolate networks across the business, manage user access and isolate select devices can prove useful for enhancing performance.
The value of network segmentation for healthcare
From a cybersecurity perspective, separating a large network into smaller sections has clear benefits. If cyberthreat actors target one segment, the attack can be contained.
"One benefit is that you're reducing the attack surface because the threat actors cannot move laterally the same way they could if you had a flat network. If a breach does occur, you're containing it to a single segment. So, the impact of that potentially could be much, much less," Cagle stated.
"And then just from an efficiency perspective, if you want to think about optimizing your security controls for those areas that are less sensitive, you don't have to have the same level of security."
Network segmentation allows administrators to adopt risk-based security controls for any given segment. For example, a network containing sensitive patient data might have stricter security protocols than one that does not. Organizations may also consider microsegmentation, which similarly breaks the network down into segments but on a much more granular level.
Network segmentation is becoming increasingly important in today's cyberthreat landscape.
"There are two main ways we're continuing to see ransomware attacks play out," Cagle noted. "One is through the exploitation of vulnerabilities, and another through user account compromise."
Network segmentation can play a key role in mitigating these types of risks, Cisco suggested in a blog post.
"Segmentation can stop harmful traffic from reaching devices that are unable to protect themselves from attack," the post stated. "For example, a hospital's connected infusion pumps may not be designed with advanced security defenses. Network segmentation can stop harmful Internet traffic from ever reaching them."
Network segmentation offers compliance benefits as well, Cisco suggested. For example, segmenting a network that processes payments and is subject to the Payment Card Industry Data Security Standard limits the scope of compliance activities and ensures that any audits only apply to the systems where that sensitive information is held.
Network segmentation can drive increased security for healthcare organizations if implemented with care.
Implementation tips
Budget, security and workflow implications are always top-of-mind for security practitioners who want to change or improve their security programs.
"When you're implementing any type of security control, first and foremost, we want to understand the business use case and understand the purpose of the tools that we're using. We want to look at the data, the users, and the potential inconvenience that we're going to have," Cagle noted.
"And we want to logically segment things based on who needs to access it and make sure that we do it in a way that's efficient from a workflow perspective. We also need to make sure that we're evaluating the cost associated with this as well."
Cagle added that network segmentation is not easy to implement, and it can be especially difficult for healthcare organizations with many legacy systems or complex environments. Considering the value that this undertaking would bring to your organization and weighing it against alternatives is crucial.
Although it is a recognized best practice across healthcare, network segmentation implementation challenges could arise for small, rural or resource-constrained entities that may not have the staff or tools available to embark on such a significant security project. Assessing and prioritizing security needs on an individual basis is essential.
"Doing a risk analysis is really important," Cagle emphasized. "And it's important to make sure that we're really thinking about this in the context of all the needs of the organization in terms of its security and compliance program."
As previously mentioned, proposed updates to the HIPAA Security Rule, introduced in January 2025, suggest requiring all covered entities to implement network segmentation. The proposal presents a shift toward a more prescriptive version of HIPAA than its current state.
"From a compliance perspective, if that rule were to go into effect the way it's written today -- which is probably unlikely, but some version of it is probably likely -- I think that network segmentation is clearly a good practice," Cagle stated. "It's a practice that's defined in other standards that are recognized in healthcare."
Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.
