Safeguard Epic Applications with AWS and F5 for Better Patient Outcomes

Dave Morrissey Miniature
Dave Morrissey
Published March 07, 2024

Healthcare data is a favorite target for cyber criminals. In 2023, over 133 million healthcare records were exposed or stolen during a record-breaking number of data breaches.1 The financial fallout of these attacks can be significant, as the average cost of a healthcare data breach was nearly $11 million in 2023.2

Not only do these breaches expose sensitive personal data, but the cyberattacks behind them can also disrupt vital systems, such as electronic health records (EHR). Outages are costly—as much as $2 million per day3—and can also negatively impact patient care by impeding access to patient data, resulting in delays.

As healthcare IT grows more complicated with hybrid infrastructure, distributed applications, IoT technology, and mobile devices, security becomes a significant challenge. Effective defense requires trusted security partners for your Epic apps. Combining the robust native security of Amazon Web Services (AWS) with F5 security solutions enables you to safely deploy, manage, and operate your Epic apps in cloud or hybrid environments.

Comprehensive application protection

With over 130 HIPAA-eligible services, AWS delivers the tools and experience to ensure your Epic apps are secure and compliant. You can further improve your security posture with F5® BIG-IP® Advanced WAF® to protect your Epic apps from threats, including the OWASP Top 10, bad bots, and DDoS attacks. Web apps and APIs are kept secure against threats that can evade signature-based solutions and zero-day vulnerabilities. This is especially important as unpatched vulnerabilities are cited as a major infection vector in the healthcare industry.4 Strong API security is also necessary to support connections between Epic and other healthcare apps.

With real-time behavioral analysis and client-side encryption, BIG-IP Advanced WAF ensures your patients and healthcare providers can securely access your EHR from any device in any location. Protection is available for Epic apps in the cloud, on premises, or via Epic SaaS. The strong partnership between F5, AWS, and Epic ensures reliable protection anywhere apps are deployed.

Simplified management

Complexity is a hurdle for healthcare IT, but BIG-IP Advanced WAF provides centralized management and monitoring capabilities for end-to-end visibility. This visibility lets administrators easily maintain and enforce consistent security policies across your hybrid or multicloud environment. With validated security policies pre-configured for Epic applications, BIG-IP Advanced WAF helps ease the administrative burden of constantly updating security protocols for your Epic apps while providing further protection against outages or downtime.

Comprehensive reporting helps IT teams better understand traffic to Epic apps so they can fine-tune performance and more easily demonstrate compliance with healthcare regulations. In addition, F5 offers strong adoption support—as evaluated by Forrester Consulting—to make the move to BIG-IP Advanced WAF easier.

With AWS-validated “best-in-class in the cloud” security and networking competencies, F5 is a trusted partner to enhance the security and management of your Epic apps and other healthcare data. Protecting your Epic apps on AWS from threats and misconfigurations with BIG-IP Advanced WAF benefits your patients, staff, and administrators by enabling secure and reliable access to patient data to ensure ongoing quality care.

Discover how AWS and F5 can improve the security posture for your Epic apps and data by visiting

If you’re attending the HIMSS conference this March, stop by the AWS booth to learn more about how AWS can secure your Epic applications.


1. HIPAA Journal, December 2023 Healthcare Data Breach Report, January 2024

2. IBM, Cost of a Data Breach Report 2023, June 2023

3. SC Media, CommonSpirit Health cyberattack, month-long network outage cost $150M, February 2023

4. U.S. Department of Health and Human Services, 2022 Healthcare Cybersecurity Year in Review, February 2023