AWS Public Sector Blog
AWS and Wiz accelerate resilience for academic medical centers

Academic medical centers (AMCs) serve to connect the lab bench and the bedside, transforming complex academic research into a global standard of care. In 2026, the mission is more complex than ever: researchers are using generative AI to accelerate drug discovery, and clinicians require instantaneous access to patient data to save lives. This rapid pace of innovation, however, creates a vast and intricate digital footprint that must remain secure against increasingly sophisticated threats.
For the AMC CISO, the challenge is clear: How do you empower researchers to move at the speed of cloud while maintaining rigorous compliance and patient safety? Part of the answer lies in a unified approach. By combining the scalable, secure infrastructure of Amazon Web Services (AWS) with the deep visibility from Wiz’s AI-Application Protection Platform (AI-APP), AMCs can work towards a state of continuous compliance helping to remove security bottlenecks that can slow down innovations to drive clinical breakthroughs.
In this post, we discuss how AWS and Wiz support security and resilience for AMCs to help keep the focus more on patient care while maintaining a robust, secure operating environment.
Securing Epic on AWS
For most AMCs, the Epic EHR is a core element of clinical operations. Transitioning Epic to run as a managed workload on Amazon Elastic Compute Cloud (Amazon EC2) provides the scalability required for modern healthcare, but it also introduces the challenge of securing a monolithic environment without impacting clinical performance.
Managing Epic has been a source of operational pain, often due to the agent fatigue caused by traditional security tools. The combination of AWS and Wiz addresses this directly:
- Performance-first security – Wiz’s agentless approach helps AMCs quickly scan their entire Epic-on-EC2 footprint without requiring additional resource overhead from traditional agents. This provides deep visibility into vulnerabilities and misconfigurations without the risk of blue-screening a critical clinical database or degrading the performance of frontline clinician workflows.
- Full-stack Epic visibility – By mapping the entire Epic Graph, Wiz helps security teams see how an AWS Identity and Access Management (IAM) role, a network misconfiguration, and a software vulnerability might create a toxic combination that exposes patient records—all within the context of the AWS infrastructure.
Streamlining resilience
In line with the Trump Administration’s March 2026 Cyber Strategy for America, the federal posture has shifted toward Common-Sense Regulation (Pillar 2), which prioritizes operational readiness and offensive deterrence over administrative red tape. For AMCs, this means the goal of compliance is shifting from a checklist to a state of inherent resilience.
Although HIPAA remains the baseline for patient privacy, the final implementation of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), expected to be finalized by CISA later this year, introduces tighter reporting windows for significant incidents. For AMCs, this means reporting substantial incidents within 72 hours and reporting any ransomware payments within 24 hours, regardless of the incident’s size. AWS and Wiz help support this transition by automating the data-gathering processes that typically burden clinical and research teams:
- Automated context for HIPAA – AWS provides a secure foundation, and Wiz Data Security Posture Management (DSPM) continuously identifies and maps sensitive research data, personal health information (PHI), and personally identifiable information (PII) across Amazon Simple Storage Service (Amazon S3) buckets and Epic-associated volumes. With this solution, PHI and PII maintain compliance and are actively factored into risk assessments, so teams can prioritize remediation based on actual clinical impact.
- Rapid traceback for CIRCIA – To meet 72-hour reporting windows, the Wiz Security Graph assists in tracing risks from exposed resources back to specific IAM roles or code commits in minutes. Wiz helps connect signals across the software lifecycle, from code to runtime, to support the operational continuity insights needed to rapidly understand the area of impact of an incident.
With these automated capabilities, AMCs can move toward the Secure by Design principles emphasized by the new regulatory landscape. Catching risks earlier in the software lifecycle reduces operational friction and when a threat arises, the institution’s focus remains where it belongs: on uninterrupted patient care.
Transparency in the research supply chain
Modern medical research relies on a complex digital supply chain. To maintain the integrity of clinical data, AMCs require a clear accounting of the software and cryptographic models running in their environments. By integrating with Amazon Elastic Container Registry (Amazon ECR), Wiz assists in automating the generation of vital bills of materials:
- SBOM (software) – Providing an inventory of open source libraries to help identify vulnerabilities before they impact research.
- CBOM (cryptography) – Helping teams identify legacy encryption that might require modernization in line with new federal standards, and take action to protect against Harvest Now, Decrypt Later (HNDL) attacks.
- AI-BOM – A critical new field cataloging the models and training sets used in clinical AI, supporting transparency in how AI-driven insights are generated. This is particularly critical because federal research grant requirements from the NIH and NSF increasingly mandate AI-BOMs to ensure the integrity of AI-assisted clinical findings.
This visibility helps researchers innovate with confidence, knowing the building blocks of their applications are being continuously monitored for integrity.
Unified visibility for the research data lake
AMCs often use specialized platforms like Snowflake or Databricks on AWS to manage massive genomic or longitudinal studies. Historically, these platforms could exist as security silos, complicating the institution’s overall risk posture. The collaboration between AWS and Wiz helps extend visibility into these third-party environments. Wiz helps security teams view misconfigurations in a Snowflake warehouse or a Databricks Lakehouse alongside their AWS resources.
This visibility extends to AWS services like AWS HealthLake, which uses the Fast Healthcare Interoperability Resources (FHIR) standard to manage clinical data. Wiz helps secure these data stores with the same rigor as partner solutions. By unifying security for both on-premises health data stores and third-party platforms, Wiz provides a consistent single pane of glass to protect the vast data lakes that fuel institutional discovery.
Enabling Secure by Design innovation
In the AMC environment, shadow IT often emerges when security is perceived as a bottleneck to urgent research. By shifting security left into the development lifecycle, AMCs can integrate security earlier in the process, making it a seamless part of the clinical and academic workflow, and reducing the number of risks that enter production environments.
By using Wiz to scan infrastructure as code (IaC) templates (such as Terraform or AWS CloudFormation) before they are deployed to AWS, IT teams can support the creation of guardrailed sandboxes. With this proactive approach, research environments and the connections back to clinical data are built with institutional security standards from the start.
Wiz AI-APP and agentic defense
As AMCs adopt Amazon Bedrock and Amazon Bedrock AgentCore to build the next generation of clinical tools, they face a new category of AI-driven risks. Wiz AI-APP augments traditional Cloud-Native Application Protection Platform (CNAPP) capabilities and assists organizations in securing AI-integrated environments by helping identify AI-specific misconfigurations, including exposed model endpoints and over-privileged AI agents, before they can be exploited.
Furthermore, as the threat landscape evolves to include agentic threats (autonomous, AI-driven attacks), defense mechanisms must adapt. Wiz Agentic Security introduces AI-driven defenders that can investigate high-priority alerts at cloud speed. This helps security teams match the velocity of automated threats, helping protect sensitive clinical data and institutional intellectual property from autonomous exploitation.
Future-proofing for post-quantum cryptography readiness
In medical research, data longevity is paramount; genomic and longitudinal data remains sensitive for decades. This creates a unique HNDL risk, where data captured over the internet today could be decrypted by future quantum computing capabilities.
AWS is leading the way in quantum-resistant infrastructure, with several service endpoints, including AWS Key Management Service (AWS KMS), AWS Certificate Manager, and Amazon S3, already supporting Module-Lattice Digital Signature Algorithm (ML-DSA) and Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) quantum resistant algorithms. Wiz complements this by helping identify non-quantum-resistant algorithms across the AMC’s footprint. Together, they support the creation of a prioritized migration roadmap, helping safeguard today’s breakthroughs for the next century.
Conclusion
In the modern AMC, security is a vital component of the clinical care team to keep the integrated systems and patient records secure. The combination of AWS and Wiz offers a powerful framework for resilience, so the Epic EHR and the research data lakes that fuel discovery and clinical care are protected by design.
Although no single solution can provide total security, these automated capabilities help AMCs reduce administrative friction and keep their focus where it belongs: on the patients they serve and the innovations that save lives.
Ready to support your AMC’s mission with AWS and Wiz?
- Explore Wiz on the AWS Marketplace
- Learn more about AWS Healthcare and Life Sciences solutions
- Connect with your AWS team to discuss Healthcare Landing Zone Accelerator on AWS