Open Access

Zero-Trust Transformation in Healthcare IT: Securing Legacy Medical Devices Through Windows 11 Modernization in Clinical Workstations

Department of Computer Science, Technical University of Munich, Germany

Abstract

Healthcare organizations operate within increasingly hostile cyber environments while simultaneously depending on legacy medical devices and outdated operating systems. The coexistence of modern cyber threats and legacy clinical infrastructure creates a structural security paradox: hospitals must preserve device compatibility and patient safety while modernizing security architectures to withstand sophisticated lateral movement, ransomware, and advanced persistent threats. This study develops a comprehensive theoretical and evaluative framework examining the integration of Zero-Trust Architecture (ZTA) principles into hospital clinical workstations through the adoption of Windows 11, particularly in environments characterized by legacy medical operating systems.

Drawing upon foundational zero-trust theory, national standards, lateral movement detection research, healthcare incident analyses, and empirical threat intelligence reports, the article synthesizes architectural, operational, and governance perspectives. The research evaluates how Windows 11 security capabilities, when aligned with NIST SP 800-207 zero-trust principles, can mitigate risks associated with unsupported legacy systems widely prevalent in healthcare environments. The analysis contextualizes the WannaCry incident within systemic perimeter-security failure and explores contemporary threat patterns affecting healthcare providers.

The findings demonstrate that zero-trust adoption, when embedded within endpoint modernization, identity-centric validation, distributed access enforcement, AI-enhanced monitoring, and micro-segmentation strategies, significantly reduces lateral movement potential and containment failure. However, modernization must be strategically phased to preserve device interoperability and regulatory compliance. The study further identifies critical governance, operational, and socio-technical challenges, including medical device certification constraints, cost structures, cultural resistance, and integration complexity.

The article concludes that bridging zero-trust security and legacy medical devices requires a hybrid transition model (combining containment-based isolation, progressive operating system modernization, AI-enabled validation, and distributed trust enforcement) to achieve sustainable resilience in hospital clinical environments.

Keywords

References

Ghasemshirazi, S., Shirvani, G., & Alipour, M. A. (2023). Zero Trust: Applications, Challenges, and Opportunities. arXiv.
He, Y., et al. (2022). A Survey on Zero Trust Architecture: Challenges and Future Trends. Wireless Communications and Mobile Computing, 2022(1), 1–13.
Help Net Security. (2023). Rising Cyber Incidents Challenge Healthcare Organizations.
Ho, G., et al. (2021). Hopper: Modeling and Detecting Lateral Movement (Extended Report). arXiv.
Jericho Forum. (2007). The Need for Trust.
Kaspersky. (2024). Kaspersky Finds 73% of Healthcare Providers Use Medical Equipment with a Legacy OS.
Kindervag, J. (2010). Build Security Into Your Network's DNA: The Zero Trust Network Architecture.
M-Trends. (2022). Mandiant Special Report Executive Summary.
National Audit Office. (2018). Investigation: WannaCry cyber-attack on the NHS.
Northcutt, S. (2005). Inside Network Perimeter Security.
Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020). Zero Trust Architecture (NIST SP 800-207). National Institute of Standards and Technology.
Sasada, T., Taenaka, Y., Kadobayashi, Y., & Fall, D. (2024). Web-biometrics for user authenticity verification in zero-trust access control. IEEE Access, 12, 129611–129622.
Sengupta, B., & Anantharaman, L. (2021). Distrust: Distributed and low-latency access validation in zero-trust architecture. Journal of Information Security Applications, 63, 103023.
Shakya, S., Abbas, R., & Maric, S. (2025). A novel zero-touch, zero-trust, AI/ML enablement framework for IoT network security. arXiv.
Nayeem, M. (2026). Bridging Zero-Trust Security and Legacy Medical Devices: An Evaluation of Windows 11 Adoption in Hospital Clinical Workstations. Frontiers in Emerging Artificial Intelligence and Machine Learning, 3(1), 01–08.