Bridging Zero-Trust Security and Legacy Medical Devices: An Evaluation of Windows 11 Adoption in Hospital Clinical Workstations

Mohammed Nayeem

doi:10.64917/feaiml/Volume03Issue01-01

Open Access

Bridging Zero-Trust Security and Legacy Medical Devices: An Evaluation of Windows 11 Adoption in Hospital Clinical Workstations

https://doi.org/10.64917/feaiml/Volume03Issue01-01

PDF

Mohammed Nayeem ¹

⁴ Franciscan Health/ IT

Abstract

The increasing number of cyberattacks on healthcare organizations has made it one of the most targeted industries (Ponemon Institute, 2022; HIMSS, 2023). Existing security models are failing, particularly given the heterogeneity of hospital networks: legacy systems, unmanaged medical devices, shared workstations, remote access devices, work-from-home devices, and other machines. Many hospitals still operate Windows 10 or older devices, allowing attackers to penetrate systems and launch cyberattacks, violating regulatory and compliance standards such as HIPAA and data protection requirements (U.S. Department of Health and Human Services, 2023). Traditional perimeter-based security models are insufficient for modern healthcare environments (National Institute of Standards and Technology, 2020a; Cisco Systems, 2022).

This research analyses the integration of Zero-Trust Architecture (ZTA), Windows 11 security features, clinical workstation protection, and medical device compatibility in hospitals. Implementation aligns with NIST Zero Trust, ISO 42001, and HIPAA security and privacy rules (National Institute of Standards and Technology, 2020a; International Organization for Standardization, 2023; U.S. Department of Health and Human Services, 2023), preparing hospitals for evolving cyber threats. This paper also suggests future research directions using cloud-driven Zero Trust models (Microsoft, 2023a).

How to Cite

Nayeem, M. (2026). Bridging Zero-Trust Security and Legacy Medical Devices: An Evaluation of Windows 11 Adoption in Hospital Clinical Workstations. Frontiers in Emerging Artificial Intelligence and Machine Learning, 3(1), 01–08. https://doi.org/10.64917/feaiml/Volume03Issue01-01

⬇ Endnote/Zotero/Mendeley (RIS) ⬇ BibTeX

References

📄 Alkharji, M., Alsubhi, K., & Alzahrani, A. (2021). Cybersecurity challenges in healthcare: A systematic review. Journal of Medical Systems, 45(12), Article 133. https://doi.org/10.1007/s10916-021-01787-9

📄 Cisco Systems. (2022). Zero trust in healthcare: A security model for a digital world (White paper). https://www.cisco.com

📄 Covington, M., & Carskadden, R. (2021). Threat implications of the convergence of IT and medical devices. Journal of Digital Imaging, 34, 242–248. https://doi.org/10.1007/s10278-020-00394-8

📄 Fu, K., & Blum, J. (2021). FDA-recognized medical device cybersecurity: The road ahead. Communications of the ACM, 64(8), 32–36. https://doi.org/10.1145/3418298

📄 Gartner. (2023). Security comparison: Windows 10 vs Windows 11 for enterprise deployment. Gartner Research.

📄 Healthcare Information and Management Systems Society. (2023). 2023 healthcare cybersecurity survey. https://www.himss.org

📄 Intel Corporation. (2023). Hardware-based security enhancements for modern OS platforms. https://www.intel.com

📄 International Organization for Standardization. (2023). ISO/IEC 42001:2023—Artificial intelligence management system. https://www.iso.org/standard/81230.html

📄 Ligh, M., Adair, S., Hartstein, B., & Richard, M. (2022). Modern endpoint protection: Credential Guard and virtualization-based security (SANS whitepaper). SANS Institute.

📄 Microsoft. (2023a). Zero trust adoption framework (Security whitepaper). https://learn.microsoft.com/security

📄 Microsoft. (2023b). Zero trust composition and architecture. Microsoft Documentation.

📄 Microsoft. (2023c). Windows 11 security book: Powerful security from chip to cloud. https://learn.microsoft.com/windows

📄 National Institute of Standards and Technology. (2020a). Zero trust architecture (NIST SP 800-207). https://doi.org/10.6028/NIST.SP.800-207

📄 National Institute of Standards and Technology. (2020b). Security and privacy controls for information systems and organizations (NIST SP 800-53 Rev. 5). https://doi.org/10.6028/NIST.SP.800-53r5

📄 National Institute of Standards and Technology. (2022). Guide to industrial control systems security (NIST SP 800-82 Rev. 3). https://doi.org/10.6028/NIST.SP.800-82r3Ponemon Institute. (2022). Impact of ransomware on healthcare during COVID-19 and beyond. https://www.ponemon.org

📄 Sametinger, J., Rozenblit, J., Lysecky, R., & Ott, P. (2017). Security challenges for medical devices. Journal of Software: Evolution and Process, 29(8), e1876. https://doi.org/10.1002/smr.1876

📄 U.S. Department of Health and Human Services. (2023). HIPAA security rule guidance. https://www.hhs.gov/hipaa

📄 U.S. Food and Drug Administration. (2023). Cybersecurity in medical devices: Quality system considerations and content of premarket submissions (Final guidance). https://www.fda.gov

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors retain the copyright of their articles published in this journal. All articles are licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). This license permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are properly cited.