Strategy and Solutions

Close

Discover our digital transformation stories and the impact driving real change

Home
Case Studies

Regional Health System Implements Zero Trust to Protect EHR and IoMT

About the Client

A 1,200‑bed regional academic medical center running Epic EHR and thousands of connected infusion pumps and monitors across hospitals and clinics. The organization was seeing repeated ransomware attempts targeting EHR access and poorly segmented clinical networks.To protect patient safety, reduce lateral movement risk, and meet HITRUST expectations, the health system partnered with Zymr to define and execute a practical zero trust roadmap.

Key Outcomes

27 Critical Vulnerabilities Identified and Remediated
99.98% Clinical System Uptime Across 2.4M+ Encounters

Business Challenges

Flat networks, inconsistent MFA, and unmanaged IoMT device identities created multiple attack paths from user accounts into Epic and bedside devices.The health system needed better identity controls, clinical network segmentation, and device security — without disrupting care delivery or clinician workflows.

Business Impacts / Key Results Achieved

Zymr helped the client move from a perimeter‑centric model to a zero trust posture:

  • Closed 27 high‑risk gaps across Epic, Fiori, Active Directory, and 4,500+ IoMT devices
  • Strengthened authentication on critical clinical and admin workflows
  • Segmented clinical networks and introduced device certificates for IoMT fleets
  • Maintained 99.98% uptime while preparing for and achieving HITRUST certification

Strategy and Solutions

1. Zero Trust Assessment and Roadmap

  • Conducted a red-team style assessment focused on lateral movement into Epic and IoMT environments.
  • Developed a prioritized security roadmap aligned with NIST and HITRUST security controls.

2. Identity and Access Hardening

  • Hardened Active Directory and Epic-adjacent identity stores to strengthen authentication and access governance.
  • Implemented MFA and conditional access policies for high-risk user groups.

3. IoMT Security and Segmentation

  • Implemented device certificate management for infusion pumps and monitoring devices.
  • Created secure clinical network segments to reduce the blast radius in case of a compromise.

Show More
Request A Copy
Zymr - Case Study

Latest Case Studies

With Zymr you can

Community Hospital Executes Zero-Downtime EHR Modernization Planning

Regional Medical Center Transforms Patient Experience Through a Modern Digital Portal

Health System Establishes Enterprise AI Readiness and Governance Framework

Zymr Inc - Cloud Forwarding Services
Let's Talk

Services

Product EngineeringApplication ModernizationSoftware DevelopmentSoftware TestingData AnalyticsCloud ServicesUI/UX DesignArtificial IntelligenceDevOps

What We Think

Case StudiesBlogPodcastGlossaryE-BooksWebinarsVideosInfographics

Who We Are

About ZymrLeadershipNews & EventsCultureCareersContact Us

Locations

San JoseNew YorkLondonAhmedabadBengaluruPune

Contact

hello@zymr.com

What We Think

Services

Who We Are

Locations

Contact

© 2026, ZYMR, INC. All Rights ReservedLegal DisclaimerPrivacy PolicyCookie Policy