Protects healthcare data with multilayered security


Founded in 1989, MedImpact Healthcare Systems is the largest privately held pharmacy benefit manager (PBM), serving health plans, self-funded employers, and government entities in the United States. The company delivers pharmaceutical and technology-related solutions that improve the value of healthcare, and it sets standards that optimize satisfaction, cost, service, and quality in the healthcare industry. Headquartered in San Diego, CA, with offices in Arizona, Michigan, UAE, and China, MedImpact processes more than one million healthcare claims daily.

MedImpact operates two primary data centers, with databases and configurations replicated in real time. In addition, the company has three call centers, which are staffed 24/7, as well as private network routing centers for transmitting healthcare information in compliance with HIPAA and other regulations.


As an organization handling healthcare data, MedImpact makes protecting personal patient information its primary mission. MedImpact’s data centers are regularly audited to ensure compliance with HIPAA, PCI, and other regulations, but the company is always looking for additional protection to strengthen its multi-layered defenses against advanced attacks. To stay protected, MedImpact wanted to enhance its security at the network perimeter, as well as for east-west and server-to-server traffic between its data centers. “We wanted to be able to monitor our east-west traffic to determine if a data center was compromised, so we could isolate it and take preventive action,” said Frank Bunton, MedImpact Vice President and CISO.

Another key challenge for Bunton was finding security solutions that could communicate with each other and share valuable data in real time. MedImpact’s approach to security is deploying a defense-in-depth strategy, using multiple layers of security controls throughout the system. “Products working together to share information is the future of security. Independent security vendor solutions you deploy should be able to communicate and work together to detect potential security related issues. Without this critical communications capability, security solutions stand alone, and are limited to their internal ability to detect and destroy malware,” said Bunton.

"Deep Discovery was a no brainer. It outperformed all competitors and was well-respected by Gartner. When Trend Micro purchased TippingPoint, we knew we had the best of both worlds."

Frank Bunton,
Vice President and CISO, MedImpact

Why Trend Micro

An existing customer of TippingPoint™ Intrusion Prevention System, MedImpact was pleased when Trend Micro acquired TippingPoint in 2015. At the same time, MedImpact was looking to add a layer of advanced threat protection (ATP) to its defense-in-depth strategy. They began a proof of concept (PoC) for three different vendors, including Trend Micro™ Deep Discovery™, powered by XGen™ security. “Deep Discovery was a no brainer. It outperformed all competitors and was well-respected by Gartner. When Trend Micro purchased TippingPoint, we knew we had the best of both worlds,” said Bunton.

During the Deep Discovery™ PoC process, MedImpact was impressed with Trend Micro support services. “Our team really had great support from Trend Micro. Our dedicated support person was always quick to help with any issues, and really knew the products,” said Bunton.


For MedImpact, Trend Micro™ TippingPoint™ and Trend Micro™ Deep Discovery™, powered by XGen™ security, perfectly complement the company’s multi-layered strategy. While the advanced threat protection in Deep Discovery™ monitors port traffic, the intrusion prevention capabilities of TippingPoint™ inspect traffic and destroy any that comes from bad actors attempting to exploit web portals and internal applications using SQL injection or cross-site scripting techniques.

“Today’s polymorphic malware can actually change its signature, so you need to identify and stop these threats using behavior analysis with a combination of ATP (Deep Discovery) and IPS (TippingPoint),” said Bunton.

MedImpact deployed three Deep Discovery Inspector network appliances in 2015, as well as Deep Discovery Analyzer. Deep Discovery Inspector monitors traffic across all ports and more than 80 protocols and applications to identify malware, command-and-control (C&C) exploits, and activities signaling an attempted attack. The solution also automatically shares detection intelligence with Deep Discovery Analyzer, TippingPoint, and other security products to block further attacks. “When we find something suspicious, we upload it to Deep Discovery Analyzer before any damage can be done,” said Bunton.

Integration is at the heart of MedImpact’s multi-layer security solution. The company is currently deploying Trend Micro™ Control Manager, which integrates Deep Discovery, TippingPoint, and other security products into a single console. This simplifies the deployment of additional appliances, including the integration of existing knowledge gained from the identification of previous threats. “With Control Manager, we can reduce configuration time required for integration from one month to one day,” said Bunton.


The combination of Trend Micro™ TippingPoint™ and Trend Micro™ Deep Discovery™ not only provided the layered defense MedImpact needed to support its defense-in-depth security strategy; the ability to rapidly deploy new appliances also significantly improved efficiency. In addition, automatically configuring appliances to support privacy and compliance requirements saves even more time and further bolsters security. “A lot of good things happen with a multi-layered security infrastructure—from greater efficiency and scalability to peace of mind that our system and data are protected,” said Bunton.

Bunton describes the number of threats the solution stops as unbelievable and likens it to a battle scene. “I can use a packet analysis tool to see lots of bad stuff. These Trend Micro solutions are at work 24/7, and they earn their living every day,” said Bunton.

What's Next

In addition to moving to a new data center, which requires relocating MedImpact’s entire IT environment without any downtime, the company is looking ahead to further enhancing its security with Trend Micro™ Deep Discovery™ Email Inspector. The company also plans to integrate Trend Micro™ OfficeScan™ XG into IBM BigFix®, a collaborative endpoint security and management platform.