Main Line Health Deploys Identity‑Based Microsegmentation to Secure 60,000 Clinical Devices
What Happened — Main Line Health (MLH) implemented an identity‑based microsegmentation solution from Elisity, enforcing ~24,000 policies that govern communication for roughly 60,000 devices across five hospitals and multiple ambulatory sites. The deployment protects legacy medical equipment that cannot be patched or run traditional agents, limiting lateral movement in the network.
Why It Matters for TPRM —
- Demonstrates a viable control for protecting unpatchable OT/medical devices that many vendors still rely on.
- Highlights the need to assess third‑party network‑segmentation capabilities when onboarding healthcare providers.
- Shows that proactive “pressure testing” of segmentation rules can surface hidden exposure before go‑live.
Who Is Affected — Healthcare providers, health‑tech vendors, and any organization that relies on legacy medical or IoT devices.
Recommended Actions —
- Verify that your health‑system vendors employ microsegmentation or comparable network‑segmentation controls.
- Request evidence of policy coverage (e.g., rule counts, device inventory) and testing methodology.
- Incorporate microsegmentation maturity into third‑party risk questionnaires and continuous monitoring programs.
Technical Notes — The solution uses identity‑based policies rather than IP‑based ACLs, enabling granular control of device‑to‑device traffic. No specific CVEs were disclosed; the focus is on mitigating risk from unpatchable equipment (e.g., MRI, smart pumps).
Source: DataBreachToday – How Main Line Health Secures Devices With Microsegmentation
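A simplified model of the identity‑based approach described in the Technical Notes, and of the policy‑coverage evidence named under Recommended Actions. This is an added example, not Elisity's or MLH's configuration; the device classes, addresses, rules and function names are constructed assumptions.

```python
from dataclasses import dataclass

# All device classes, addresses and rules below are constructed sample data.
@dataclass(frozen=True)
class Device:
    mac: str
    ip: str            # may change on DHCP re-lease; never used for identity decisions
    device_class: str  # identity attribute resolved from the device inventory

@dataclass(frozen=True)
class Rule:
    src_class: str
    dst_class: str
    port: int

RULES = {
    Rule("infusion_pump", "pump_server", 443),
    Rule("mri_scanner", "pacs_archive", 104),
}

def is_allowed(src, dst, port, rules=RULES):
    """Default deny: a flow passes only if a rule names both identities and the port."""
    return Rule(src.device_class, dst.device_class, port) in rules

def ip_acl_allowed(src, dst, port, acl):
    """IP-based ACL for contrast: the decision follows the address, not the device."""
    return (src.ip, dst.ip, port) in acl

def uncovered(inventory, rules=RULES):
    """Devices whose class appears in no rule: a gap in policy coverage."""
    named = {r.src_class for r in rules} | {r.dst_class for r in rules}
    return sorted(d.mac for d in inventory if d.device_class not in named)

def readdress(device, new_ip):
    """Same physical device after an address change."""
    return Device(device.mac, new_ip, device.device_class)

PUMP = Device("00:00:5e:00:53:01", "10.0.1.20", "infusion_pump")
SERVER = Device("00:00:5e:00:53:02", "10.0.2.5", "pump_server")
MRI = Device("00:00:5e:00:53:03", "10.0.3.7", "mri_scanner")
CAMERA = Device("00:00:5e:00:53:04", "10.0.4.9", "ip_camera")
INVENTORY = [PUMP, SERVER, MRI, CAMERA]
ACL = {("10.0.1.20", "10.0.2.5", 443)}  # the IP-based equivalent of the pump rule

if __name__ == "__main__":
    moved = readdress(PUMP, "10.0.1.99")
    print("identity:", is_allowed(moved, SERVER, 443), "ip acl:", ip_acl_allowed(moved, SERVER, 443, ACL))
    print("pump -> MRI:", is_allowed(PUMP, MRI, 443))
    print("uncovered devices:", uncovered(INVENTORY))
```

The uncovered list is the kind of output to compare against a vendor's stated rule counts and device inventory: a device that no rule names is either isolated by default deny or missing from the policy set, and the evidence should say which.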