Healthcare System Hardened Digital Front Line

With 15 hospitals and more than 225 outpatient clinics, this healthcare system supports millions of digital interactions daily. Patients book appointments online, access health records via Apple Health, and rely on third-party scheduling tools — all powered by APIs spread across four different hosting environments. When a massive DDoS attack crippled its patient portal, the organization realized it needed more than patchwork fixes. It needed a strategic partner. Enter Akamai.

In today’s connected world, delivering care depends on secure, high-performing digital infrastructure. “Healthcare used to move slowly. Now everything is faster. And that speed adds risk,” explained the organization’s Vice President and Chief Information Security Officer. The 21st Century Cures Act and rising patient expectations have pushed IT to operate at a digital-first pace. But with 17 API-powered apps and numerous public-facing sites hosted across AWS, Azure, Google Cloud, and on-prem environments, the organization lacked the unified visibility and consistent protection needed to keep up.

The wake-up call came during a DDoS campaign that took down the patient portal. “Our patients couldn’t access their records, which was unacceptable,” the CISO recalled. Most security vendors required the organization to reroute traffic, but that would have forced the network team to give up BGP control. “That’s a nonnegotiable for us. Akamai’s edge-based model, massive global footprint, and hands-off routing approach delivered instant value and zero compromise,” he continued.

Healthcare data is a gold mine for attackers. Before Akamai, bot swarms regularly scraped login pages and tested stolen credentials. “Stolen identities are endemic,” the CISO noted.

Relying on its website design partners’ security controls was no longer enough. With Akamai Bot Manager in place, the healthcare system now blocks hundreds of malicious bots every month, protecting patient data, reducing fraud risk, and keeping patient services running smoothly.

DNS failures don’t just affect websites — they can disrupt care delivery. By adopting Akamai Edge DNS, the organization isolated DNS from the rest of its hybrid environment, creating a critical layer of protection. “Maintaining DNS has become exponentially complex,” the CISO said. “Akamai shields us from that risk without adding overhead.”

Following an internal audit, the organization accelerated plans to adopt Akamai API Security by running a proof of concept. The solution helps automatically discover APIs and block API attacks without manual intervention. “Every team across our organization from IT to patient services feels the stress of a cyber issue. With Akamai, we can protect patient-facing APIs and reduce that burden,” the CISO explained.

Akamai services like mPulse and TrafficPeak feed real-time traffic insights into monthly executive dashboards. “We see unified traffic for all our web properties and applications across four platforms in one report,” said the CISO.

The data provides more than visibility — it provides answers. “Whether issues originate with a third party, in the cloud, or in our code, Akamai’s dashboards pinpoint the origin. That means we can fix problems instead of pointing fingers.”

Before Akamai, the CISO’s team spent hours chasing logs from disconnected systems. “We used to spend more time gathering data than solving problems,” he said.

Today, Akamai automatically blocks at least 15 DDoS attacks and hundreds of bot incursions each month. With a centralized view and automated protections, the team now focuses on high-value improvements that enhance patient care.

Around-the-clock demands for access to apps and websites once meant nonstop on-call rotations for the CISO’s team. Akamai’s automation and single-interface visibility changed that. Simplifying infrastructure while strengthening security has reduced operational strain and improved morale.

“Our team used to be spread thin across multiple tools, and kept insane hours to troubleshoot patient-facing APIs and websites. Now they focus on what matters and don’t lose sleep because we know exactly where the issues are,” said the CISO.

The healthcare system works closely with Akamai Professional Services to fill skills gaps and accelerate deployment. From tuning DNS to hardening APIs and optimizing global traffic flows, Akamai brings proven solutions and hands-on expertise.

“We’re not looking to be pioneers. We want what works, backed by numbers. Akamai delivers all that,” the CISO said.

The organization is preparing to migrate to Epic and MyChart, an effort the CISO likens to “changing an engine while the car is moving.” Akamai is helping ensure a smooth transition.

With TrafficPeak monitoring adoption and usage patterns, and Professional Services guiding each stage, the team can detect anomalies and fine-tune the rollout with confidence. “Another customer recommended Akamai because many of its customers use Akamai solutions, so we can rest easy knowing we’re using proven solutions for this strategic project,” the CISO added.

From mitigating DDoS threats to protecting APIs and streamlining operations, Akamai has become an indispensable part of the healthcare system’s journey. “Providing patient services is more complex than ever, but delivering them securely doesn’t have to be. That’s where Akamai helps,” the CISO concluded.