authors – Geoff Wilmington, Mike Lonze

Healthcare organizations are focusing more and more on securing patient data.  With healthcare breaches on the rise, the penalties and fines for lost or stolen PHI and PII are devastating not only to the patients but to the healthcare organization as well.  The Ponemon Institute Annual Benchmark Study on Privacy & Security of Healthcare Data found that nearly 50 percent of healthcare organizations, up 5 percent from the previous study, have been breached, and that criminal attacks are the leading cause of healthcare breaches.  [1]  With breaches on the rise and healthcare organizations feeling the pain, how can we help them start layering security controls on the business-critical applications that hold this data?

The principle of least privilege is to grant a process, user, or program only the minimal privileges it needs to perform its task.  With NSX, we can apply network least privilege to the applications that run on the vSphere hypervisor using a concept called micro-segmentation: NSX places a stateful firewall at the virtual network card of every virtual machine, letting organizations control at a very granular level which virtual machines may communicate with each other and which may not.


Figure 1 – NSX Restricts to Necessary Communications

Working jointly with Epic Systems, VMware created an NSX Service Composer blueprint for an Epic Electronic Health Records system.  The blueprint can be imported into the VMware NSX platform and contains the firewall rule sets, ports, and protocols needed to provide a least privilege security posture for a customer's Epic installation.  With it, NSX can quickly establish that posture around the Epic infrastructure systems and add another layer of defense against threats.

Those familiar with the Epic Electronic Health Records system know that it has many moving parts and many data flows between the application servers that make up the whole.  To apply the principle of least privilege to such a system, customers need a quick, prescriptive, and non-disruptive way of doing so.  VMware understands the risk to healthcare systems and built this method to shorten the time it takes to reach a least privilege security posture.

To start working and securing such a large application as Epic, it makes sense to break the system down into its functional tiers.  We broke Epic down into the following logical tiers:

  • Presentation – representing the frontend of the system, with multiple applications from Hyperspace Web itself to the mobile applications Haiku and Canto
  • Reporting – representing the reporting-based services of Epic consisting of BCA, Cogito, and Clarity
  • Service – representing Web BLOB, Epic Print Services, monitoring services such as System Pulse
  • Database – representing the Operational Database on Caché and the many clones of production, such as SUP, REL, and training database instances.

Figure 2 – NSX Service Composer Breakdown of Epic Application Tiers

With these different tiers broken out, we can move to providing only the necessary communications that the Epic applications require to function properly.

Figure 3 – Anatomy of an NSX Security Policy

Taking a look at Figure 3, the process for how we leverage this blueprint to secure a portion of the Epic application follows this workflow:

  • The Kuiper NSX Security Tag is applied to the Kuiper Virtual Machine
  • The Kuiper NSX Security Group contains all machines that carry the Kuiper NSX Security Tag
  • The Kuiper Services are created in NSX
  • The Kuiper Services are placed into a Kuiper Services Group
  • These objects are used to create the Kuiper NSX Security Policy, which in turn generates the Distributed Firewall rule sets Kuiper needs to function and communicate with the rest of the Epic Electronic Health Records system

The end result for the Kuiper application in Epic is shown in Figure 4.  The same process is followed for every other application that makes up the Epic Electronic Health Records system.
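To make the five-step workflow above concrete, here is a small Python model, added to this article and not taken from VMware's blueprint or Epic, of how a security tag feeds a security group, how a security policy's rules are evaluated at the vNIC firewall in first-match order, and how to audit the resulting rule set for least privilege. The tag and group names, VM names, the Kuiper rules themselves, and the TCP port are invented placeholders, not values from the Epic blueprint; the last call shows what the audit reports when the DFW default rule is left at allow instead of block.

```python
"""Model of how an NSX Service Composer security policy expands into Distributed
Firewall (DFW) decisions, with a least-privilege audit of the result.  Added
illustration, not VMware or Epic code; tags, names and the port are placeholders."""
from dataclasses import dataclass, field
from itertools import permutations
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Service:                      # NSX service object: one protocol/port pair
    name: str
    protocol: str
    port: int

@dataclass
class VirtualMachine:
    name: str
    tags: Set[str] = field(default_factory=set)   # NSX security tags on the VM

@dataclass
class SecurityGroup:                # dynamic membership keyed on one security tag
    name: str
    tag: str

    def members(self, vms: List[VirtualMachine]) -> Set[str]:
        return {vm.name for vm in vms if self.tag in vm.tags}

@dataclass(frozen=True)
class Rule:                         # DFW rule from a security policy; None = any
    name: str
    source: Optional[str]
    dest: Optional[str]
    services: Tuple[Service, ...]   # empty tuple = any service
    action: str                     # "allow" or "block"

@dataclass(frozen=True)
class Flow:
    src_vm: str
    dst_vm: str
    protocol: str
    port: int

class DistributedFirewall:
    """First-match evaluation over the rule list, then the default rule."""

    def __init__(self, vms, groups, rules, default_action="block"):
        self.vms, self.rules, self.default_action = vms, list(rules), default_action
        self.membership = {g.name: g.members(vms) for g in groups}

    def _in_group(self, vm: str, group: Optional[str]) -> bool:
        return group is None or vm in self.membership[group]

    def evaluate(self, flow: Flow) -> Tuple[str, str]:
        for r in self.rules:
            svc_ok = not r.services or any(
                s.protocol == flow.protocol and s.port == flow.port for s in r.services)
            if svc_ok and self._in_group(flow.src_vm, r.source) and self._in_group(flow.dst_vm, r.dest):
                return r.name, r.action
        return "default", self.default_action

    def allowed_flows(self, services) -> Set[Flow]:
        # Every VM-to-VM flow over the given services that the policy permits.
        found = set()
        for a, b in permutations([vm.name for vm in self.vms], 2):
            for s in services:
                flow = Flow(a, b, s.protocol, s.port)
                if self.evaluate(flow)[1] == "allow":
                    found.add(flow)
        return found

def audit_least_privilege(fw, services, required):
    """(missing, excess): required flows that are blocked, and permitted flows
    nobody asked for.  Least privilege means both sets are empty."""
    allowed = fw.allowed_flows(services)
    return required - allowed, allowed - required

# Constructed Kuiper scenario; the port is a placeholder, not Epic's real value.
KUIPER_TAG, ODB_TAG = "Epic.Kuiper", "Epic.ODB"
KUIPER_SERVICES = (Service("Kuiper-to-ODB", "TCP", 1972),)
REQUIRED = {Flow("kuiper01", "odb01", "TCP", 1972)}

def build_firewall(default_action="block") -> DistributedFirewall:
    vms = [VirtualMachine("kuiper01", {KUIPER_TAG}),
           VirtualMachine("odb01", {ODB_TAG}),
           VirtualMachine("clarity01", {"Epic.Clarity"}),   # reporting tier, no Kuiper rule
           VirtualMachine("untagged01")]
    groups = [SecurityGroup("SG-Epic-Kuiper", KUIPER_TAG),
              SecurityGroup("SG-Epic-ODB", ODB_TAG)]
    # What the (assumed) Kuiper security policy generates: the explicit allow,
    # then blocks for anything else to or from the Kuiper group.
    rules = [Rule("Kuiper to ODB", "SG-Epic-Kuiper", "SG-Epic-ODB", KUIPER_SERVICES, "allow"),
             Rule("Kuiper outbound block", "SG-Epic-Kuiper", None, (), "block"),
             Rule("Kuiper inbound block", None, "SG-Epic-Kuiper", (), "block")]
    return DistributedFirewall(vms, groups, rules, default_action)

if __name__ == "__main__":
    print(audit_least_privilege(build_firewall(), KUIPER_SERVICES, REQUIRED))
    # Default rule left at "allow": the audit lists every flow the policy never constrained.
    print(audit_least_privilege(build_firewall("allow"), KUIPER_SERVICES, REQUIRED))
```

The audit is the check worth carrying into a real deployment: enumerate the flows the application actually needs, then confirm that the policy permits exactly those and nothing else. A policy can have every Kuiper rule correct and still leave the system wide open if the default rule at the bottom of the DFW table is never changed from allow to block, which is what the second call demonstrates.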


Figure 4 – Epic Kuiper NSX Distributed Firewall Rule Example

With a strategy that's proven in the field, getting to a Day 2 least privilege security model around a healthcare organization's Epic Electronic Health Records system is simpler, more cost-effective, and faster.

VMware and Rapid City Regional Health discussed how they leveraged this process to secure their new Epic Electronic Health Records system at VMworld US 2017.  If you'd like to hear a customer's experience of their security journey, you can view that session here.  If you'd like a more in-depth discussion of how to leverage this blueprint to help secure your healthcare organization's Epic system, please reach out to your VMware representative.