Segmenting a Network Under Seemingly Impossible Conditions

Industry

Rehabilitation/Behavioral Health

Challenge

Years of rapid growth created a flat, complex virtual network with limited visibility into east‑west traffic. In this environment, any single compromised system could allow an attacker to move laterally across the data center and impact clinical systems. The client needed to introduce internal firewalls and implement enterprise‑grade network segmentation across both active data centers. They required this work to be performed without downtime, without impacting thousands of users, and within a compressed timeline linked to broader modernization efforts.

Results

CereCore delivered a segmentation project that strengthened cybersecurity resilience while maintaining full operational continuity. The implementation resulted in zero downtime, zero user‑reported disruptions, zero performance degradation, and zero customer support tickets. Despite timeline compression, the work was completed 30 days earlier than the revised target.

Services Provided

IT Infrastructure & Networking

0 User Reported Disruptions
500K Lines of Network Activity Analyzed for Initial Ruleset
0 Customer Support Tickets Generated
About the Provider

The client is a large integrated delivery network operating 60 hospital campuses, more than 250 care sites, and over 8,000 licensed beds. Its 32,000 employees rely on always‑available clinical and business systems, including EHR, imaging, laboratory, and patient‑care applications. The organization manages a large virtual server environment running mission‑critical applications across two active data centers that support 24/7 operations.

Network Experience in Healthcare Shaped the Approach

The team began by performing automated network discovery to overcome the lack of application documentation. More than 500,000 traffic flows were analyzed to understand application dependencies and to generate accurate, streamlined firewall rules. This approach prevented rule sprawl, improved performance, and eliminated months of manual data gathering.

Deployment was executed through precise planning with clinical operations. Firewalls were placed in monitoring mode first to validate behavior, then activated during carefully controlled maintenance windows. Engineers remained on standby throughout, with rapid rollback procedures ready but ultimately never needed.

CereCore’s healthcare‑specific experience was central to the project’s success. The team understood the sensitivity of clinical workflows and designed a phased deployment strategy that protected EHR workflows, imaging, medication administration, and laboratory operations.

The segmentation model aligned with healthcare security expectations by separating clinical, imaging, laboratory, business, infrastructure, and DMZ zones. This defense‑in‑depth architecture helped the organization strengthen compliance with security requirements and improve audit readiness through comprehensive logging and documentation.
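An added illustration (not CereCore's tooling and not code from this case study) of the flow analysis and monitoring-mode validation described above: observed flows are collapsed into zone-to-zone rules, then later traffic is replayed to list what enforcement would block. The zone names come from this page; the subnets, sample flows, `min_hits` threshold and the choice to ignore intra-zone traffic are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Zone names follow the page; the subnets are constructed for illustration.
ZONES = {"clinical": "10.10.0.0/16", "imaging": "10.20.0.0/16",
         "laboratory": "10.30.0.0/16", "business": "10.40.0.0/16",
         "infrastructure": "10.50.0.0/16", "dmz": "172.16.0.0/24"}
NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in ZONES.items()]

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS if addr in net), "unknown")

def to_key(flow):
    src, dst, proto, port = flow
    return (zone_of(src), zone_of(dst), proto, port)

def build_rules(flows, min_hits=2):
    """Collapse host-level flows into zone-pair allow rules.
    Rare flows and flows touching unmapped addresses go to review, not to rules."""
    hits = Counter(k for k in map(to_key, flows) if k[0] != k[1])  # skip intra-zone
    rules = {k for k, n in hits.items() if n >= min_hits and "unknown" not in k[:2]}
    review = {k: n for k, n in hits.items() if k not in rules}
    return rules, review

def monitor(rules, flows):
    """Monitoring mode: return flows enforcement would drop, blocking nothing."""
    return [f for f in flows
            if to_key(f)[0] != to_key(f)[1] and to_key(f) not in rules]

# Constructed discovery-phase flows: (src, dst, proto, dst_port)
BASELINE = [
    ("10.10.1.5", "10.30.2.9", "tcp", 443), ("10.10.1.6", "10.30.2.9", "tcp", 443),
    ("10.10.1.7", "10.20.4.1", "tcp", 104), ("10.10.1.8", "10.20.4.1", "tcp", 104),
    ("10.40.3.3", "10.10.1.5", "tcp", 3389),   # seen once: needs an owner's sign-off
    ("10.10.1.5", "10.10.1.6", "tcp", 445),    # intra-zone: never reaches the firewall
    ("192.168.9.9", "10.50.0.2", "udp", 53), ("192.168.9.9", "10.50.0.2", "udp", 53),
]
# Constructed traffic seen while the firewall is in monitoring mode
OBSERVED = [
    ("10.10.9.9", "10.30.2.9", "tcp", 443),    # new host, already-covered zone pair
    ("10.40.3.3", "10.30.2.9", "tcp", 1433),   # no rule: would be denied
    ("10.20.4.1", "10.20.4.2", "tcp", 22),     # intra-zone
]

if __name__ == "__main__":
    rules, review = build_rules(BASELINE)
    print("rules:", sorted(rules))
    print("review:", review)
    print("would deny:", monitor(rules, OBSERVED))
```

Eight host-level flows reduce to two zone-pair rules, which is the rule-sprawl reduction the case study describes; the review bucket and the would-deny list are what an engineer resolves before switching from monitoring to enforcement.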

The solution also improved operational visibility by converting previously opaque east‑west traffic into clearly monitored, controlled pathways. This visibility now allows faster troubleshooting, more effective incident response, and future readiness for zero‑trust strategies.

The executive sponsor praised the collaboration and preparation that enabled the safe activation of the intra‑data center firewall—highlighting the project as foundational for future infrastructure initiatives.

Life After Network Segmentation

Over the following month, CereCore performed continuous monitoring, tuning policies and validating the final architecture. The organization received complete documentation, operational runbooks, and staff training to ensure long‑term sustainability.

Kudos to the network design, build, and support teams for excellent preparation, collaboration, hard work, and commitment to completing the lock-down of the intra‑DC firewall at the <<client>> datacenter. This has been an ongoing project that was key to enabling several other infrastructure efforts. Special thanks to engineers as well as their managers.

AVP, Network and Telecom
