ZERO TRUST IN HEALTHCARE ENVIRONMENTS: RECONCILING THE PRINCIPLE OF LEAST PRIVILEGE WITH AVAILABILITY REQUIREMENTS IN LIFE-SUPPORT SYSTEMS

Resumo

This paper examines the challenges of implementing the Zero Trust Architecture (ZTA) in healthcare environments, with a particular focus on reconciling the Least Privilege principle with the stringent availability requirements of life-critical systems. While Zero Trust promotes strict access control and continuous verification, healthcare infrastructures must ensure uninterrupted operation of medical devices and clinical workflows, where delays or access restrictions may directly impact patient safety. This work provides a systematic analysis of the inherent trade-offs between security and availability in hospital networks, especially in the context of legacy systems, heterogeneous medical devices, and real-time clinical decision-making. We review existing approaches to access control, including role-based and attribute-based models, and evaluate their limitations when applied to dynamic and high-stakes medical environments. Furthermore, we propose a context-aware access control framework that dynamically adjusts privilege levels based on operational conditions, such as emergency scenarios, user roles, and device criticality. The proposed model aims to preserve the core principles of ZTA while ensuring that essential medical services remain continuously available. Finally, we discuss implementation challenges, potential risks, and future research directions toward resilient and secure healthcare infrastructures.