Healthcare

Scaling secure healthcare with confidence

Through the implementation of an integrated Cisco security architecture, Rush University System for Health reduced risk, improved visibility, and built a foundation for Zero Trust.

Strengthening security across a growing environment


Given their expanding footprint, the team set out to standardize on a unified approach to secure users, applications, and data without added complexity.

Rush University System for Health

Rush University System for Health (RUSH) is a national leader in patient care, education, and research, supporting 25,000+ users across 65+ locations.

Challenge

As their environment grew across hospitals, clinics, and telehealth services, the team aimed to reduce security risk, strengthen segmentation, and gain actionable visibility—without adding complexity or disrupting clinical and academic operations.

  • Limited visibility into application behavior made it difficult to identify anomalies and confidently define security policies.
  • Manual processes to map application dependencies slowed segmentation efforts and increased the risk of gaps.
  • Disconnected tools limited the ability to enforce consistent, identity-based policy across users, devices, and workloads.

Solution

Rush deployed an integrated Cisco security architecture to unify identity, network, and workload controls—delivering end-to-end visibility, accelerating segmentation, and reducing risk across campus and data center environments.

  • Cisco Secure Firewall 4200 Series delivers high-performance, identity-aware firewalling to enforce consistent policy across data center and campus environments.
  • Cisco Secure Workload provides application visibility and microsegmentation, enabling faster policy creation and reducing risk through behavior-based controls.
  • Cisco Identity Services Engine (ISE) enables identity-driven access control, enforcing policy based on user, device, and posture across the network.
  • Cisco Secure Network Analytics delivers deep network visibility and validates segmentation policies, while detecting anomalous behavior and enabling faster response.

Outcomes

Reduced risk, faster mitigation

Mitigated critical application risk in weeks vs. years using segmentation and workload visibility.

Accelerated policy creation

Replaced manual mapping with automated discovery, cutting policy development from months to weeks.

Greater visibility, stronger control

Gained deep insight into application behavior to detect anomalies and enforce precise controls faster.

A Zero Trust foundation for care at scale

Rush supports care and education across the Chicago area—with three hospitals, multiple outpatient surgery centers and clinics, and an academic and research mission that expands the organization’s reach far beyond traditional healthcare delivery. With at least 65 locations and a footprint that continues to grow as new sites come online, Rush’s network team must sustain consistent security and performance while keeping clinical and academic operations running without interruption.

That scale is matched by the number of people who depend on the network every day. Rush supports more than 25,000 users, including over 2,800 students, approximately 13,000 employees and staff, and thousands of additional collaborators, support personnel, and temporary workers. In recent months, Rush has also accelerated telehealth—delivering virtual care through secure video consultations and remote services that extend their reach nationally—raising the stakes for resilient, identity-aware security controls that can continuously adapt.

For the Director of Network Engineering and Unified Communications, Uzair Khan, the objective was straightforward: reduce risk and minimize attack vectors without slowing the business. “Our challenges aren’t unique to healthcare—we’re all trying to minimize risk and reduce our attack surface,” he explains. “But for us, it’s also about creating a secure environment for everyone we serve, from patients and caregivers to students.” He adds, “Security isn’t just about protecting data—it’s about protecting patient trust and ensuring continuity of care.”

That need converged with a broader strategy already in motion. Rush had invested in macro network segmentation and was actively exploring deeper, microsegmentation-style controls. “We weren’t looking for a point solution,” Uzair says. “We wanted something strategic and integrated—something built for where we want to be in three to five years.” With Rush already operating as a Cisco shop across their campus, wireless, and data center portfolio, the team prioritized a unified approach that could connect identity, segmentation, and workload visibility into one cohesive model.

Choosing an integrated security ecosystem 

As Rush evaluated their firewall direction through a Request for Proposal (RFP) process, the decision came down to more than a like-for-like replacement. The team wanted performance headroom, future-proof hardware, and an approach that could integrate naturally with the rest of the security stack already in place. Cisco stood out because it aligned with where Rush was headed: a unified, Zero Trust architecture where tools feed each other context and enable coordinated action.

“We wanted an ecosystem where our tools could talk to each other,” Uzair explains. “If something is flagged in one place, we can take action across the environment—not operate in silos.”

Rush standardized on the Cisco Secure Firewall 4200 Series, alongside Cisco Identity Services Engine (ISE), Cisco Secure Workload, and Cisco Secure Network Analytics. Together, these solutions supported a core design principle: enforce consistent security policy based on identity, device posture, and workload context—not just IP addresses.

For Rush, identity and context were essential because healthcare environments carry unique constraints. Some data and applications cannot be decrypted or inspected in traditional ways due to policy and compliance requirements. “There are datasets we simply can’t decrypt,” Uzair notes. “We still need to protect those assets without violating governance, and that’s where having the right architecture matters.”

Equally important was operational simplicity. Rush wasn’t looking to add complexity or require engineers to constantly stitch together disparate systems. “We didn’t want to bolt on another tool and then figure out how to integrate it later,” he says. “We wanted something that was inherently connected.” That vision also extended into the future: as Rush grows their cloud footprint, the organization wanted a path to expand without a disruptive redesign.

Deployment built for speed and clarity

Rush’s firewall deployment began in a greenfield environment, which enabled a clean implementation and a chance to build the right foundation from the start. The experience reinforced a key value for the team: getting to meaningful insights quickly, without forcing engineers to spend excessive time navigating tools or piecing together information.

From a day-to-day usability standpoint, the team emphasized the speed of access to actionable data. “We’re not five clicks deep trying to find what we need,” Uzair says. “Cisco’s dashboards give us the data right away without having to dig through multiple places.”

Secure Workload, in particular, helped Rush accelerate the early stages of segmentation and policy development by making application behavior visible in a practical, operational way. Rather than relying solely on manual processes to map application components and communication paths, the team could place Secure Workload in monitoring mode and observe real patterns in the environment.

“We can let the tool run and build intelligence for us,” Uzair explains. “Instead of engineers manually mapping everything, it’s happening in the background.”

In one example, Rush used a 90-day discovery period to inform policy decisions—gaining the insights needed to craft rule sets and apply them efficiently. That process also uncovered unexpected behaviors, such as infrequent jobs that only run periodically. “You discover things you didn’t even know were happening,” he says. “That helps us build policies that reflect reality, not assumptions.”

The outcome was a faster path from discovery to enforcement, with minimal disruption. Rush could identify anomalies, refine policies, and apply controls quickly—while also establishing a repeatable model for securing new applications moving forward.

Measurable progress toward resilience

Rush’s program is designed to strengthen security across the environment while supporting modernization, including a data center migration underway and longer-term plans to expand cloud adoption. Even as the firewall environment matures, Rush is already seeing tangible results from the broader architecture—particularly in workload visibility, risk reduction, and operational efficiency.

Secure Workload provided the team with clear insight into application behavior, enabling faster and more accurate policy creation. “Instead of manually reconstructing application architecture, we’re relying on the tool to do that discovery for us,” Uzair says. “That’s a big operational savings.”

In a high-impact example, Rush used Secure Workload to mitigate risk tied to legacy applications that could not be upgraded or migrated on an acceptable timeline. Rather than carrying that exposure for up to two years, the team addressed the risk in a matter of weeks. “That was a big win for us,” Uzair says. “We didn’t have to accept the risk—we were able to mitigate it much faster than expected.”

These improvements have translated into measurable progress in Rush’s overall security posture, including alignment with NIST-based objectives. Just as importantly, they have shifted internal perception. “There’s definitely a positive sentiment from leadership,” he adds. “We’re being proactive about security instead of reacting to issues after the fact.”

Looking ahead, Rush plans to activate more advanced capabilities through their Cisco Secure Firewalls, including Encrypted Visibility Engine (EVE), to strengthen protection in environments where decryption is not possible. At the same time, they are continuing to align these capabilities within a more unified, Hybrid Mesh Firewall approach—bringing greater consistency to policy and enforcement across environments. The team is also evaluating opportunities to reduce reliance on third-party tools as more capabilities become available within the Cisco platform. “If we can consolidate and use what’s already built in, there’s real value there—not just operationally, but financially,” Uzair notes.

For Rush, the story isn’t just about deploying products. It’s about advancing a security foundation that supports lifesaving care and innovation at scale—across 3 hospitals, over 65 locations, and 25,000+ individuals—while preparing for what comes next. “We’re building an ecosystem that feeds itself,” Uzair says. “That’s what positions us for the future.”
