The rapid digitization of healthcare has intensified longstanding tensions between innovation-driven cybersecurity paradigms and the operational realities of legacy medical infrastructure. Healthcare delivery organizations increasingly rely on artificial intelligence-enabled clinical decision support systems, networked diagnostic platforms, and data-intensive workflows that demand resilient and adaptive security architectures. At the same time, hospitals remain structurally dependent on legacy medical devices and clinical workstations that were never designed to operate within modern threat environments. This structural contradiction has elevated zero-trust security architectures from a theoretical construct into a strategic imperative. Zero trust challenges traditional perimeter-based security by assuming persistent compromise, enforcing continuous verification, and tightly coupling identity, device posture, and contextual risk. However, the application of zero trust within healthcare contexts is neither straightforward nor uniform, particularly when legacy operating systems and constrained clinical workflows dominate hospital environments.

This study develops a comprehensive, theory-driven evaluation of zero-trust adoption in healthcare systems with a specific focus on the modernization of clinical workstations and the transition toward Windows 11 environments. Building upon recent empirical evaluations of Windows 11 adoption in hospital settings, the article situates operating system modernization as both a technical and governance challenge that intersects with regulatory compliance, artificial intelligence trustworthiness, and organizational risk cultures (Nayeem, 2026). Through an integrative qualitative methodology grounded in systematic literature synthesis, governance analysis, and comparative security architecture assessment, the research interrogates how zero-trust principles can be operationalized without disrupting patient safety or clinical efficiency.

The findings suggest that zero trust functions less as a singular architectural deployment and more as an evolving governance framework that reshapes accountability, authentication, and system interoperability. The results reveal that operating system modernization is a necessary but insufficient condition for effective zero-trust implementation. Instead, successful adoption depends on institutional learning, identity federation maturity, explainable artificial intelligence, and alignment between cybersecurity policy and clinical risk tolerance. This article contributes a multi-layered conceptual framework that bridges cybersecurity theory, healthcare governance, and socio-technical systems analysis. It concludes by outlining future research pathways that address ethical accountability, legacy system resilience, and the co-evolution of artificial intelligence and zero-trust security in healthcare ecosystems.

Zero-trust architecture, healthcare cybersecurity, legacy medical devices, clinical workstations

Help Net Security. Rising cyber incidents challenge healthcare organizations. 2023.

Habli I, Lawton T, Porter Z. Artificial intelligence in health care: accountability and safety. Bulletin of the World Health Organization. 2020;98:251–256.

Kasralikar P, Polu OR, Chamarthi B, Veer Samara Sihman Bharattej Rupavath R, Patel S, Tumati R. Blockchain for securing AI-driven healthcare systems: a systematic review and future research perspectives. Cureus. 2025;17:e83136.

Northcutt S. Inside network perimeter security. 2nd ed. Sams; 2005.

Debnath S. Integrating information technology in healthcare: recent developments, challenges, and future prospects for urban and regional health. World Journal of Advanced Research and Reviews. 2023;19(1):455–463.

Ghasemshirazi S, Shirvani G, Alipour MA. Zero trust: applications, challenges, and opportunities. arXiv. 2023;1–23.

Nayeem M. Bridging zero-trust security and legacy medical devices: An evaluation of Windows 11 adoption in hospital clinical workstations. Frontiers in Emerging Artificial Intelligence and Machine Learning. 2026;3(1):1–8.

Gellert GA, et al. Zero trust and the future of cybersecurity in healthcare delivery organizations. Journal of Hospital Administration. 2023;12(1):1–8.

He Y, et al. A survey on zero trust architecture: challenges and future trends. Wireless Communications and Mobile Computing. 2022;2022:1–13.

Burrell DN. Understanding healthcare cybersecurity risk management complexity. Land Forces Academy Review. 2024;29:38–49.

Markus AF, Kors JA, Rijnbeek PR. The role of explainability in creating trustworthy artificial intelligence for health care: a comprehensive survey. Journal of Biomedical Informatics. 2021;113:103655.

Tyler D, Viana T. Trust no one? A framework for assisting healthcare organisations in transitioning to a zero-trust network architecture. Applied Sciences. 2021;11(16):1–18.

Khan MJ. Zero trust architecture: redefining network security paradigms in the digital age. World Journal of Advanced Research and Reviews. 2023;19(3):105–116.

Hong QN, Pluye P, Fàbregues S, et al. Mixed methods appraisal tool (MMAT), version 2018. BMJ. 2018;1–7.

Page MJ, McKenzie JE, Bossuyt PM, et al. The PRISMA 2020 statement: an updated guideline for reporting systematic reviews. BMJ. 2021;372:n71.

Eastwood B. Tips for health systems on managing legacy systems to strengthen security. HealthTech Magazine. 2024.

Kaspersky. Kaspersky finds 73% of healthcare providers use medical equipment with a legacy OS. 2024.

Ho G, et al. Hopper: modeling and detecting lateral movement (extended report). arXiv. 2021;1–20.

Mandiant. M-Trends 2022 special report: executive summary. 2022.

Huda S, Islam MR, Abawajy J, Kottala VN, Ahmad S. A cyber risk assessment approach to federated identity management framework-based digital healthcare system. Sensors. 2024;24:5282.

Ajish D. The significance of artificial intelligence in zero trust technologies: a comprehensive review. Journal of Electrical Systems and Information Technology. 2024;11:30.

Ofili BT, Erhabor EO, Obasuyi OT. Enhancing federal cloud security with AI: zero trust, threat intelligence, and compliance. World Journal of Research and Review. 2025;25:2377–2400.

Shojaei P, Vlahu-Gjorgievska E, Chow YW. Security and privacy of technologies in health information systems: a systematic literature review. Computers. 2024;13(2):1–25.

Vijayasekhar D. Securing the future: strategies for modernizing legacy systems and enhancing cybersecurity. Journal of Artificial Intelligence and Cloud Computing. 2022;1(3):1–3.

Department of Health. Investigation: WannaCry cyber-attack on the NHS. UK National Audit Office. 2018.

International Conference on Communication Technologies (ComTech 2017). Institute of Electrical and Electronics Engineers; 2017.