Zero-trust across fourteen clinics.
A multi-site clinical network replaced a brittle VPN with identity-first access — making security stronger and clinicians' lives easier at the same time.
The challenge
Meridian Health's 3,400 clinical staff reached patient systems across fourteen clinics through a legacy VPN. It was slow, frequently down, and — because access was effectively all-or-nothing once connected — a broad attack surface in a regulated, high-stakes environment.
Any change had to respect HIPAA obligations and, above all, could not get between a clinician and a patient record in a moment that mattered.
Our approach
We designed an identity-first, zero-trust access model: every request authenticated, every clinician granted least-privilege access to exactly the systems their role required, with full audit trails.
Rollout was staged clinic by clinic, with on-site support during each cutover and a fast rollback path. We tuned the experience until login was faster than the VPN it replaced — the surest way to win clinical adoption.
The outcome
All 3,400 staff across fourteen sites moved to identity-aware access, cutting the effective attack surface by an estimated 92% while making day-to-day login faster.
Meridian gained a complete, queryable audit trail of access — a material improvement to its compliance posture.
Begin a conversation → about a similar engagement.