MedImpact

Protects healthcare data with multilayered security approach

Overview

MedImpact Healthcare Systems is the largest privately held pharmacy benefit manager (PBM) serving health plans, self-funded employers, and government entities globally. Founded in 1989, MedImpact delivers pharmaceutical and technology-related solutions that improve the value of healthcare and sets standards that optimize satisfaction, cost, service, and quality in the healthcare industry. Headquartered in San Diego, California with offices in the United States (Arizona, Michigan), UAE, and China, MedImpact processes more than 1 million healthcare claims daily.

MedImpact operates two primary data centers, with databases and configurations replicated in real time. In addition, the company has three call centers, which are staffed 24/7, as well as private network routing centers for transmitting healthcare information in compliance with HIPAA and other regulations.

Challenges

MedImpact’s primary mission is protecting patient information. The company’s data centers are regularly audited to ensure compliance with HIPAA, payment card industry (PCI) standards, and other regulations, but the company is always looking for additional protection to add to its multilayered defenses against advanced attacks.

MedImpact’s approach to security is to deploy a defense-in-depth strategy, using multiple layers of security controls throughout the system. A key challenge was finding security solutions that could communicate with each other and share valuable data in real time.

“Independent security vendor solutions should be able to communicate and work together to detect potential security-related issues,” said Frank Bunton, MedImpact vice president and chief information security officer (CISO). “Without this critical communications capability, security solutions are limited to their internal ability to detect and destroy malware.”

Why Trend Micro

An existing customer of TippingPoint Intrusion Prevention System (IPS), MedImpact was pleased when Trend Micro acquired TippingPoint in 2015. At the same time, MedImpact was looking to add a layer of advanced threat protection to its defense-in-depth strategy. The company began a proof of concept (POC) for products from three different vendors, including Deep Discovery. “Deep Discovery was a no-brainer. It outperformed the competitors and was well respected by Gartner,” said Bunton.

In addition to security on the network, MedImpact added endpoint protection with Trend Micro Apex One as a Service to take advantage of the cloud offering on the endpoint.

"EDR accelerates the threat analytics process so we can get to the solution faster. That’s critical because we see sophisticated attacks every day."

Frank Bunton
Vice President and CISO, MedImpact

Solution

MedImpact deployed Deep Discovery Inspector and Deep Discovery Analyzer in 2015. Deep Discovery Inspector monitors traffic across all ports and more than 80 protocols and applications to identify malware, command-and-control (C&C) exploits, and activities signaling an attempted attack. The solution also automatically shares detection intelligence with Deep Discovery Analyzer, TippingPoint, and other security products to block further attacks.

When MedImpact began migrating to the cloud in 2019, the company upgraded to Apex One as a Service and Endpoint Sensor to gain EDR capabilities. “EDR accelerates the threat analytics process so we can get to the solution faster. That’s critical because we see attacks every day on just about every network,” says Bunton.

The Trend Micro Apex Central management console provides a single monitoring point and reporting mechanism for all security products across the network. It integrates with Trend Micro Deep Discovery Analyzer and TippingPoint appliances to provide suspicious file analysis, malicious remediation, and potential escalation to the Trend Micro analysis team across endpoints and networks.

“With Apex One as a Service, we were able to migrate our endpoint protection capabilities to the cloud, benefiting from advanced and automated threat detection and an easy-to-manage SaaS console. The SaaS solution also ensures we are always on the latest version and no longer need to maintain an on-premises infrastructure.”

Results

All of MedImpact’s Trend Micro endpoint security products are integrated into the company’s third-party security information and event management (SIEM) services, with the Apex Central management hub. Apex Central expands the capabilities of the individual security components by allowing them to work together to solve security issues and provides a remediation timeline for compliance auditors when needed. “Integration means the types of solutions you can apply to security problems expand exponentially. The other option is chasing malware up and down the network, and I’ll never win that race,” says Bunton.

Apex One as a Service, TippingPoint, and Deep Discovery work together to provide MedImpact with the layered defense it needs to support its defense-in-depth security strategy, along with the ability to rapidly deploy new appliances. In addition, the automatic configuration of appliances to support privacy and compliance requirements saves even more time and further bolsters security. “A lot of good things happen with a multilayered security infrastructure—from greater efficiency and scalability to peace of mind that our system and data are protected,” says Bunton.

What's Next

MedImpact is currently migrating to Microsoft Office 365 Exchange. As it does, the company is deploying Trend Micro Cloud Email Gateway Services to scan email in real time without impacting email flow.

The company is also currently deploying Trend Micro Deep Security. “The fact that Deep Security interacts with our servers on a virtual basis ensures that our applications won’t be interrupted, which is critical because our systems have to be operational 24/7/365.”