Zero-Trust Transformation in AI-Enabled Healthcare: Legacy Medical Devices, Clinical Workstations, and the Socio-Technical Reconfiguration of Cybersecurity Governance
Keywords:
Zero-trust architecture, healthcare cybersecurity, legacy medical devices, artificial intelligence governanceAbstract
The accelerating digitization of healthcare infrastructures has intensified longstanding tensions between innovation, patient safety, and cybersecurity resilience. Hospitals increasingly rely on artificial intelligence–enabled clinical decision support systems, networked diagnostic tools, and data-intensive workflows that extend far beyond traditional perimeter-based security models. At the same time, healthcare delivery organizations remain structurally dependent on legacy medical devices and operating systems that were never designed for persistent connectivity or adversarial threat environments. This structural contradiction has produced a fragile cybersecurity landscape, repeatedly exposed through large-scale incidents and systemic vulnerabilities. Within this context, zero-trust architecture has emerged as a paradigmatic reconfiguration of cybersecurity governance, promising continuous verification, least-privilege access, and adaptive risk management across heterogeneous digital ecosystems. Yet the practical realization of zero trust in healthcare settings remains uneven, contested, and deeply constrained by socio-technical realities.
This article develops an original, theory-driven examination of zero-trust adoption in AI-enabled healthcare environments, with particular emphasis on clinical workstations and legacy medical devices. Drawing on an extensive, critical synthesis of interdisciplinary scholarship, policy reports, and technical analyses, the study interrogates how zero-trust principles intersect with artificial intelligence, blockchain-enabled security mechanisms, federated identity management, and explainable AI frameworks. Central to the analysis is the evaluation of operating system modernization strategies, including the adoption of Windows 11 in hospital clinical workstations, as a concrete site where zero-trust ideals confront institutional inertia, regulatory complexity, and embedded technological debt. The discussion integrates empirical insights from recent evaluative studies of hospital workstation environments, situating them within broader debates on accountability, trust, and risk in healthcare cybersecurity (Nayeem, 2026).
Methodologically, the article adopts a qualitative, interpretive research design grounded in systematic literature appraisal, comparative theoretical analysis, and socio-technical reasoning. Rather than privileging purely technical metrics, the study emphasizes governance structures, organizational learning processes, ethical accountability, and the co-evolution of human and machine agency in clinical contexts. The findings demonstrate that zero-trust implementation in healthcare is less a linear technological upgrade than a prolonged process of institutional transformation, requiring alignment between legacy infrastructures, regulatory regimes, and emerging AI-driven security practices. The article concludes by articulating a future research agenda that foregrounds adaptive governance, cross-sectoral standardization, and the moral economy of trust in digital medicine, arguing that cybersecurity resilience must be understood as a collective, dynamic achievement rather than a static technical endpoint.
References
Kasralikar, P., Polu, O. R., Chamarthi, B., Rupavath, R. V. S. S. B., Patel, S., & Tumati, R. (2025). Blockchain for securing AI-driven healthcare systems: A systematic review and future research perspectives. Cureus, 17, e83136.
Northcutt, S. (2005). Inside network perimeter security (2nd ed.). Sams.
Help Net Security. (2023). Rising cyber incidents challenge healthcare organizations.
Nayeem, M. (2026). Bridging zero-trust security and legacy medical devices: An evaluation of Windows 11 adoption in hospital clinical workstations. Frontiers in Emerging Artificial Intelligence and Machine Learning, 3(1), 1–8. https://doi.org/10.64917/feaiml/Volume03Issue01-01
Gellert, G. A., et al. (2023). Zero trust and the future of cybersecurity in healthcare delivery organizations. Journal of Hospital Administration, 12(1), 1–8.
Habli, I., Lawton, T., & Porter, Z. (2020). Artificial intelligence in health care: Accountability and safety. Bulletin of the World Health Organization, 98, 251–256.
Burrell, D. N. (2024). Understanding healthcare cybersecurity risk management complexity. Land Forces Academy Review, 29, 38–49.
He, Y., et al. (2022). A survey on zero trust architecture: Challenges and future trends. Wireless Communications and Mobile Computing, 1–13.
Debnath, S. (2023). Integrating information technology in healthcare: Recent developments, challenges, and future prospects for urban and regional health. World Journal of Advanced Research and Reviews, 19(1), 455–463.
Markus, A. F., Kors, J. A., & Rijnbeek, P. R. (2021). The role of explainability in creating trustworthy artificial intelligence for health care: A comprehensive survey. Journal of Biomedical Informatics, 113, 103655.
Ajish, D. (2024). The significance of artificial intelligence in zero trust technologies: A comprehensive review. Journal of Electrical Systems and Information Technology, 11, 30.
Tyler, D., & Viana, T. (2021). Trust no one? A framework for assisting healthcare organisations in transitioning to a zero-trust network architecture. Applied Sciences, 11(16), 1–18.
Vijayasekhar, D. (2022). Securing the future: Strategies for modernizing legacy systems and enhancing cybersecurity. Journal of Artificial Intelligence and Cloud Computing, 1(3), 1–3.
Ghasemshirazi, S., Shirvani, G., & Alipour, M. A. (2023). Zero trust: Applications, challenges, and opportunities. arXiv, 1–23.
Kaspersky. (2024). Kaspersky finds 73% of healthcare providers use medical equipment with a legacy OS.
Page, M. J., McKenzie, J. E., Bossuyt, P. M., et al. (2021). The PRISMA 2020 statement: An updated guideline for reporting systematic reviews. BMJ, 372, n71.
Hong, Q. N., Pluye, P., Fàbregues, S., et al. (2018). Mixed methods appraisal tool (MMAT), version 2018. BMJ, 1–7.
Khan, M. M., Shah, N., Shaikh, N., Thabet, A., Alrabayah, T., & Belkhair, S. (2025). Towards secure and trusted AI in healthcare: A systematic review of emerging innovations and ethical challenges. International Journal of Medical Informatics, 195, 105780.
Kaul, D. (2019). Blockchain-powered cyber-resilient microservices: AI-driven intrusion prevention with zero-trust policy enforcement. Journal of Mathematical and Computational Science, 1–34.
Huda, S., Islam, M. R., Abawajy, J., Kottala, V. N., & Ahmad, S. (2024). A cyber risk assessment approach to federated identity management framework-based digital healthcare system. Sensors, 24, 5282.
Ofili, B. T., Erhabor, E. O., & Obasuyi, O. T. (2025). Enhancing federal cloud security with AI: Zero trust, threat intelligence, and compliance. World Journal of Research and Review, 25, 2377–2400.
Shojaei, P., Vlahu-Gjorgievska, E., & Chow, Y. W. (2024). Security and privacy of technologies in health information systems: A systematic literature review. Computers, 13(2), 1–25.
Mandiant. (2022). M-Trends 2022 special report: Executive summary.
Ho, G., et al. (2021). Hopper: Modeling and detecting lateral movement (extended report). arXiv, 1–20.
Department of Health. (2018). Investigation: WannaCry cyber-attack on the NHS. UK National Audit Office.
Khan, M. J. (2023). Zero trust architecture: Redefining network security paradigms in the digital age. World Journal of Advanced Research and Reviews, 19(3), 105–116.
Eastwood, B. (2024). Tips for health systems on managing legacy systems to strengthen security. HealthTech Magazine.
International Conference on Communication Technologies (ComTech 2017). (2017). Institute of Electrical and Electronics Engineers.
