The hospital perimeter, as a meaningful security boundary, effectively ceased to exist sometime around 2020, and the healthcare security architecture that most organizations are still running was built for a world where that perimeter was the primary line of defense.

The shift was not gradual. Remote clinician access, distributed outpatient clinics, telemedicine infrastructure, and the proliferation of endpoints across care settings that were never designed to be part of a managed IT environment all arrived quickly. Healthcare organizations are still working through the security implications as they try to protect patient data, maintain clinical continuity, and satisfy HIPAA requirements across an environment that looks nothing like the one their security controls were designed for.

The consequences are measurable. Healthcare has been the most expensive industry for data breaches for fourteen consecutive years according to IBM’s Cost of a Data Breach research. The average healthcare breach now exceeds $9.77 million per incident, a figure that reflects not just the direct cost of the breach but the clinical disruption, regulatory exposure, and recovery complexity that healthcare-specific incidents create.

IGEL and Zscaler just presented joint healthcare security master plans at HIMSS26 Europe in Copenhagen that address the distributed healthcare security challenge with a level of architectural specificity that generic Zero Trust guidance rarely provides. Three blueprint frameworks. Three distinct healthcare security scenarios. One coherent architectural approach built on the combination of IGEL’s immutable endpoint platform and Zscaler’s Zero Trust Exchange, designed to give healthcare organizations practical, deployable guidance rather than security principles that stop short of telling IT teams what to actually build.

Why Distributed Healthcare Creates Security Problems That Traditional Architecture Cannot Solve

The security problem that healthcare organizations face today is not a failure of security intent. Most healthcare IT and security teams understand the risks, take them seriously, and work hard to address them within the constraints they operate under.

The problem is structural. Healthcare security architecture built around the traditional hospital perimeter (VPN-centric remote access, perimeter firewalls, locally managed endpoint security) was designed for an environment where the majority of clinical work happened in controlled, well-connected locations and where the population of endpoints requiring managed security was relatively contained.

That environment no longer describes how healthcare delivery actually works. Frank Nydam, Zscaler’s Executive Director for Healthcare, captured the structural shift directly: healthcare delivery has expanded far beyond the hospital walls, and the attack surface has expanded with it. An outpatient clinic with shared workstations and limited local IT support. A radiologist connecting from home to access imaging systems. A hospital trying to maintain clinical access during an active ransomware attack that has compromised parts of its infrastructure. Each of these scenarios creates security requirements that traditional perimeter-based architecture handles poorly or does not handle at all.

The VPN-centric remote access model that most healthcare organizations have historically relied on creates specific problems in distributed environments. VPN connections, once established, typically provide broad network access rather than application-specific access, meaning a compromised endpoint or credential provides an adversary with the same level of network access that the legitimate user had. In healthcare environments where that network access includes clinical systems containing protected health information, the lateral movement potential from a single compromised VPN connection is substantial.

Legacy VPN infrastructure is also operationally brittle in the high-availability environment that healthcare requires. A VPN concentrator failure or capacity constraint during a high-demand period (exactly the kind of condition that exists during a major cyber incident, when clinical teams need remote access most urgently) can eliminate the access that clinical continuity depends on at precisely the moment it matters most.

The IGEL and Zscaler framework addresses these structural limitations by replacing the VPN-centric model with identity-based, policy-enabled access controls that are application-specific rather than network-broad, enforced at the cloud edge rather than dependent on centralized on-premises infrastructure, and consistent across clinical environments regardless of where the clinician or endpoint is located.
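To make the contrast between network-broad and application-specific access concrete, the following added example (not code from IGEL, Zscaler, or the blueprints) compares what a single set of credentials can reach under each model. The service inventory, subnets, group names, and policy structure are constructed for illustration and do not represent any vendor's configuration format.

```python
import ipaddress
from dataclasses import dataclass

# Constructed inventory: (service, IP, port, holds PHI). Hypothetical values.
SERVICES = [
    ("ehr-web",     "10.20.1.10", 443,  True),
    ("pacs-viewer", "10.20.2.15", 443,  True),
    ("pacs-dicom",  "10.20.2.16", 104,  True),
    ("lab-db",      "10.20.3.20", 1433, True),
    ("hr-portal",   "10.30.1.5",  443,  False),
    ("domain-ctrl", "10.10.0.2",  445,  False),
]

# VPN model: once the tunnel is up, the user is routed to whole subnets.
VPN_ROUTES = {"clinical-vpn": ["10.10.0.0/16", "10.20.0.0/16"]}

@dataclass(frozen=True)
class AppPolicy:
    app: str
    groups: frozenset       # identity groups allowed to use the application
    require_managed: bool   # device posture requirement

# Application-specific model: one rule per application, default deny.
APP_POLICIES = [
    AppPolicy("ehr-web", frozenset({"clinician", "radiologist"}), True),
    AppPolicy("pacs-viewer", frozenset({"radiologist"}), True),
    AppPolicy("hr-portal", frozenset({"clinician", "radiologist", "staff"}), False),
]

def vpn_reachable(profile):
    """Every service whose IP falls inside a subnet routed by the VPN profile."""
    nets = [ipaddress.ip_network(n) for n in VPN_ROUTES[profile]]
    return sorted(name for name, ip, _port, _phi in SERVICES
                  if any(ipaddress.ip_address(ip) in net for net in nets))

def app_reachable(groups, managed_device):
    """Only applications with a rule matching identity group and device posture."""
    return sorted(p.app for p in APP_POLICIES
                  if p.groups & set(groups)
                  and (managed_device or not p.require_managed))

def phi_exposure(names):
    """Subset of the reachable services that hold PHI."""
    phi = {name for name, _ip, _port, is_phi in SERVICES if is_phi}
    return sorted(phi & set(names))

if __name__ == "__main__":
    vpn = vpn_reachable("clinical-vpn")
    app = app_reachable({"radiologist"}, managed_device=True)
    print("VPN reach:", vpn, "PHI systems:", phi_exposure(vpn))
    print("Per-app reach:", app, "PHI systems:", phi_exposure(app))
```

In this constructed inventory the VPN profile exposes the database and DICOM listeners and the domain controller to the same credentials, while the per-application rules leave them unreachable and drop PHI access entirely when the device is unmanaged.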

The Immutable Endpoint Foundation That Changes the Recovery Equation

The IGEL contribution to this framework deserves specific attention because it addresses a dimension of healthcare security that most security architecture discussions underemphasize: the endpoint itself.

In a conventional managed endpoint environment, an endpoint that has been compromised, whether through malware infection, ransomware deployment, or unauthorized configuration change, requires remediation before it can safely reconnect to clinical systems. That remediation process takes time, consumes IT resources, and in a healthcare environment where those endpoints may be clinical workstations that clinicians need to access patient records, creates exactly the kind of care continuity disruption that makes ransomware attacks against hospitals so consequential.

IGEL’s immutable operating system changes that equation at the architecture level. An immutable OS cannot be persistently modified by malware: any changes made during a session are discarded at reboot, returning the endpoint to its known good state without requiring manual remediation. The endpoint does not accumulate the configuration drift, the installed software vulnerabilities, or the persistent malware that makes conventional endpoints security liabilities over time.

That immutability has direct implications for the isolated recovery environment scenario that one of the three blueprint frameworks specifically addresses. When a ransomware attack has compromised parts of a hospital’s infrastructure, the ability to quickly establish a known good endpoint state, without reimaging hundreds of devices or waiting for IT to manually remediate each affected workstation, is the difference between hours and days of clinical disruption. IGEL endpoints that reboot to a clean, verified state without manual intervention give healthcare IT teams a recovery capability that conventional endpoint architecture cannot match.

Matthias Haas, IGEL’s CTO, framed the architectural philosophy that drives this: resilience and security cannot be treated as separate initiatives in healthcare. The same endpoint foundation that makes devices more secure also makes them faster to recover. The same immutable OS that prevents persistent malware also enables rapid transition to a reliable state during a disaster recovery scenario. Security and resilience, built into the same architectural layer rather than addressed by separate tools that need to coordinate under pressure.

Three Blueprint Frameworks for Three Healthcare Security Scenarios

The IGEL and Zscaler master plans are organized around three specific use cases that represent the most common and most consequential distributed healthcare security challenges, and the specificity of that use case framing is what distinguishes these blueprints from generic Zero Trust guidance.

The Isolated Recovery Environment Access Plan addresses the scenario that healthcare security teams dread most: a destructive ransomware attack that has compromised significant portions of the organization’s infrastructure and requires the clinical organization to maintain some level of patient care access while recovery proceeds in parallel.

The blueprint provides guidance for establishing a known good state for endpoints and enforcing strict access controls to recovery systems, giving clinical teams access to the applications they need to continue delivering care while keeping the recovery environment isolated from the compromised production environment. The combination of IGEL’s immutable endpoint and Zscaler’s identity-based access controls creates a recovery access architecture that does not depend on the infrastructure that has been compromised. Endpoints that boot to a clean OS state connect through Zscaler’s cloud-delivered Zero Trust Exchange to applications hosted in the recovery environment without requiring VPN infrastructure that may itself have been affected by the attack.

For a healthcare organization in the middle of a ransomware incident, that capability is the difference between maintaining clinical operations with reduced capability and a full clinical shutdown while IT works through recovery. Given the documented patient safety consequences of clinical system downtime in hospitals, including care delays and the diversion of emergency patients to other facilities, the clinical value of this blueprint extends well beyond its IT significance.

The Distributed Clinic Security Plan addresses the security and access consistency problem that healthcare systems with multiple outpatient locations, imaging sites, and specialty clinics face: each site has different local IT infrastructure, different security controls, and different levels of local IT support, creating an inconsistent security posture across the organization that is difficult to audit, difficult to manage centrally, and difficult to improve systematically.

The blueprint provides a repeatable model for standardizing immutable endpoint deployment and access controls across distributed clinic locations, reducing reliance on local security devices and legacy VPN connections that require local maintenance and support. The standardization value is significant beyond the direct security improvement. Healthcare organizations that can deploy the same endpoint and access control model across all of their clinic locations can manage that model centrally, audit it consistently, and update it uniformly rather than managing a different security configuration at each site.

The Remote Clinician Access Plan extends the same access controls to clinicians working from home, hotel rooms, or other locations outside the hospital and clinic environment. The blueprint enables consistent access behavior across hospitals, clinics, and remote environments, meaning a clinician’s access experience, and the security controls governing that experience, are the same regardless of where they are working.

That consistency matters for security as much as for user experience. Inconsistent access controls across environments create exactly the gaps that adversaries learn to exploit: finding the access path with the weakest controls and using it to enter the environment. A consistent access model that applies the same identity-based, policy-enabled controls everywhere eliminates the environmental variation that inconsistency creates.

The PHI Protection Architecture Built Into the Framework

The protected health information dimension of the IGEL-Zscaler framework deserves specific attention because HIPAA compliance in distributed healthcare environments is one of the most complex and most frequently cited security challenges in the industry.

PHI protection in a distributed environment is fundamentally different from PHI protection in a controlled hospital environment. When clinical data is being accessed from endpoints in clinics, homes, and mobile environments, the risk that PHI will persist on those endpoints (in browser caches, in downloaded files, in application data stores) is substantially higher than in a managed hospital workstation environment where IT controls the endpoint configuration and can enforce data handling policies consistently.

The IGEL and Zscaler framework minimizes PHI persistence on endpoints through the combination of IGEL’s immutable OS, which discards session data at reboot and so prevents PHI from accumulating on the endpoint over time, and Zscaler’s clientless or client-based access models, which deliver application access without requiring clinical data to be downloaded and stored locally.

That architecture significantly simplifies the HIPAA compliance posture for distributed access scenarios. Rather than trying to manage PHI that has been distributed across hundreds of endpoints in varying states of IT control, the framework keeps clinical data centralized or in controlled hosting environments and delivers access to it without the data leaving those environments in persistent form. The audit and compliance documentation that HIPAA requires is substantially more defensible when the data architecture prevents PHI from persisting outside controlled environments rather than relying on endpoint-level controls that may fail.

What Healthcare IT and Security Leaders Should Take From This

The IGEL-Zscaler master plans presented at HIMSS26 Europe represent something that is genuinely uncommon in healthcare security: architectural guidance specific enough to be actionable for the teams that will actually implement it.

Generic Zero Trust guidance tells healthcare organizations what they should achieve: continuous verification, least-privilege access, assume breach. The IGEL-Zscaler blueprints tell them how to achieve it in three specific scenarios that map directly to the challenges their IT teams are actively working through. The combination of IGEL’s Adaptive Secure Endpoint Platform, Universal Management Suite, and App Portal with Zscaler’s Zero Trust Exchange gives healthcare organizations a validated technology stack alongside the architectural guidance, reducing the evaluation burden of identifying which technologies implement the blueprint principles.

The tool consolidation benefit that the framework delivers is worth noting specifically because healthcare IT environments have historically accumulated overlapping security tools that add cost, management complexity, and integration burden without proportional security improvement. Replacing VPN infrastructure, reducing local security device dependencies at clinic sites, and standardizing endpoint management across distributed locations through a single, integrated framework addresses the tool sprawl problem directly, simplifying the security architecture while improving both the security posture and the manageability of the distributed environment.

The business continuity dimension that runs through all three blueprints reflects an understanding of healthcare security that is specific to the clinical environment: security controls that cause care disruption are not acceptable in a setting where the systems being protected are the same ones that clinicians depend on for patient care. The IGEL-Zscaler framework is designed to be secure without introducing the friction, the single points of failure, or the recovery complexity that would make clinicians work around the controls or that would amplify the disruption of a security incident rather than containing it.

Healthcare organizations that implement these blueprints are building toward a security architecture that is more resilient, more consistent across their distributed environment, and more aligned with where both the threat environment and the regulatory expectation for healthcare security are heading. The organizations that do not are managing the same distributed endpoint exposure, the same VPN-centric access vulnerabilities, and the same inconsistent clinic security posture that has made healthcare the most expensive breach environment in the enterprise security landscape for fourteen consecutive years.

Research and Intelligence Sources: IGEL 
