A comprehensive research and implementation framework for Zero Trust Security in healthcare — covering IAM, network segmentation, continuous monitoring, and HIPAA compliance.
Traditional perimeter-based security assumes that once someone is inside a network, they can be trusted. In today's threat landscape — with insider attacks, advanced persistent threats, and sprawling connected devices — this assumption is dangerously wrong.
This project implements and evaluates Zero Trust Architecture (ZTA) with a specific focus on the healthcare sector, where sensitive patient data and HIPAA compliance requirements create some of the highest stakes in cybersecurity.
Core Principle: "Never trust. Always verify."
- Design a Zero Trust framework tailored for healthcare organizations
- Implement Identity and Access Management (IAM) with MFA and RBAC
- Evaluate network segmentation strategies to contain breach impact
- Deploy SIEM-based continuous monitoring for real-time threat detection
- Validate compliance alignment with HIPAA regulations
- Analyze real-world case studies (Mayo Clinic, telemedicine platforms)
| Component | Description |
|---|---|
| Multi-Factor Authentication (MFA) | Biometrics + one-time passwords to prevent unauthorized access |
| Role-Based Access Control (RBAC) | Permissions tied to job roles — limits lateral movement |
| Continuous User Validation | Session-level monitoring adjusting access by time, location & device |
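
The three IAM components in the table above can be combined in a single per-request access decision. The sketch below is an added example, not code from this project; the roles, resources, location labels, working hours and MFA age limits are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# All roles, resources, locations and thresholds below are constructed for
# illustration; they are assumptions, not values from the project.
ROLE_PERMISSIONS = {
    "physician": {("patient_record", "read"), ("patient_record", "write")},
    "nurse": {("patient_record", "read")},
    "billing_clerk": {("billing", "read"), ("billing", "write")},
}
TRUSTED_LOCATIONS = {"hospital_lan", "clinic_vpn"}
NORMAL_HOURS = range(6, 22)                  # 06:00-21:59 local time
MFA_MAX_AGE_NORMAL = timedelta(hours=8)      # no risk signals
MFA_MAX_AGE_RISKY = timedelta(minutes=15)    # exactly one risk signal

@dataclass
class Request:
    role: str
    resource: str
    action: str
    mfa_at: Optional[datetime]   # when MFA last succeeded, None if never
    device_managed: bool
    location: str
    at: datetime

def decide(req: Request) -> str:
    """Return 'allow', 'step_up' (fresh MFA required) or 'deny'."""
    # RBAC first: a valid session never grants more than the role allows.
    if (req.resource, req.action) not in ROLE_PERMISSIONS.get(req.role, set()):
        return "deny"
    # Continuous validation: re-score time, location and device per request.
    signals = sum([
        req.location not in TRUSTED_LOCATIONS,
        req.at.hour not in NORMAL_HOURS,
        not req.device_managed,
    ])
    if signals >= 2:
        return "deny"
    # One signal shortens how long an earlier MFA success is accepted.
    max_age = MFA_MAX_AGE_RISKY if signals else MFA_MAX_AGE_NORMAL
    if req.mfa_at is None or req.at - req.mfa_at > max_age:
        return "step_up"
    return "allow"

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 10, 0)       # constructed timestamp
    req = Request("physician", "patient_record", "read",
                  now - timedelta(hours=1), True, "home_network", now)
    print(decide(req))                        # one signal, MFA 1 h old
```

Because the role check runs before any context scoring, a billing role is refused patient records even from a trusted device and location, which is the lateral-movement limit the RBAC row describes.
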
| Component | Description |
|---|---|
| Network Segmentation | Divides infrastructure into isolated zones to contain breaches |
| Micro-Segmentation | Granular control between individual workloads and services |
| SIEM Integration | Real-time threat detection and automated incident response |
| IoT Security | Securing connected medical devices (monitors, imaging equipment) |
- Implemented MFA + RBAC across clinical systems
- Achieved measurable reduction in unauthorized access incidents
- HIPAA-compliant access controls with audit trails for all sensitive data
- Zero Trust applied to remote patient-provider interactions
- Encrypted sessions with continuous device trust validation
- Micro-segmented architecture to isolate patient records from billing systems
- Defined a 3-milestone implementation roadmap: IAM → Network Segmentation → Continuous Monitoring
- Produced a concept map linking ZTA principles to healthcare-specific threats
- Demonstrated how ZTA reduces the attack surface for ransomware, insider threats, and credential theft
- Outlined future enhancements: AI-powered threat detection and blockchain-based decentralized authentication
```
📁 zero-trust-cybersecurity/
│
├── 📊 INFO-5737_GROUP-3_FINAL_PPT.pptx   ← Presentation deck
├── 📄 project_report.docx                ← Full research report
├── 📄 README.md
│
└── 📁 docs/
    ├── concept_map.png                   ← ZTA concept map
    ├── iam_framework.md                  ← IAM implementation notes
    └── network_segmentation.md           ← Network architecture notes
```
Zero Trust Architecture, Identity & Access Management, Multi-Factor Authentication, Role-Based Access Control, Network Segmentation, Micro-Segmentation, SIEM, HIPAA Compliance, IoT Security, Continuous Monitoring, Ransomware Defense, Insider Threat Mitigation
| Member | Role |
|---|---|
| Tharun Reddy Marreddy | IAM framework & network security analysis |
| Blessy Peddada | Research & case study development |
| Sashi Kiran Maddineni | Concept mapping & documentation |
| Vijaya Rama Reddy Mallidi | SIEM & monitoring research |
| Yusmitha Lekha Prathi | Compliance & reporting |
Course: INFO 5737 — Information Security | University of North Texas
Professor: Dr. Tae Hee Lee