Healthcare
Patient portal resilience, HIPAA compliance acceleration, clinical AI governance, FHIR API security, and medical device protection.
The problem
Threat actors target patient infrastructure at the same moments legitimate demand spikes: open enrollment, vaccine campaigns, public health emergencies. Patient portal credential stuffing provides access to PHI, prescriptions, and insurance data. Healthcare UX constraint: can't add CAPTCHA friction that blocks elderly or disabled patients from accessing care.
How Cloudflare solves it
Always-on DDoS Protection absorbs attacks across 500+ Tbps. WAF protects portal login and FHIR API backends. Bot Management separates credential stuffing from patients without friction. Waiting Room manages surges with FIFO queuing. Load Balancing provides automatic failover across hospital data centers.
Products
DDoS Protection, WAF, Bot Management, Waiting Room, CDN, Load Balancing, DNS, SSL/TLS, Argo Smart Routing, Turnstile
Customer KPIs
100% portal/telehealth availability during attack + surge; Credential stuffing blocked without elderly-patient friction; 37K threats/month blocked (Bumrungrad); 2.65M attacks/day mitigated (Taiwan); Telehealth session completion maintained; Patient satisfaction during surges maintained
The problem
The proposed rule makes all safeguards mandatory — organizations can no longer document why they didn't implement a control. 96% of hospitals run end-of-life systems. Average healthcare breach costs $10.93M (IBM). 72-hour breach notification from business associates requires near-real-time log delivery. Client-side payment page attacks (British Airways pattern) apply to patient portal billing.
How Cloudflare solves it
SSL/TLS with Keyless SSL meets the encryption-in-transit mandate with key sovereignty. PQC future-proofs ePHI. Logpush streams to SIEM in near-real-time for 72-hour notification. Page Shield monitors client-side scripts on portal payment pages. DMARC blocks hospital brand phishing. Data Localization Suite controls ePHI jurisdiction for multi-state systems.
Products
SSL/TLS (Keyless SSL), PQC, Logpush, Page Shield, DMARC Management, Data Localization Suite, WAF
Customer KPIs
All ePHI encrypted in transit; Near-real-time logs for 72-hour notification; Client-side script monitoring on payment pages; Audit prep: weeks to hours; Hospital phishing blocked via DMARC; ePHI jurisdiction controlled for multi-state systems
The problem
500-bed hospitals have 10K-15K connected devices running Windows XP, embedded Linux, and proprietary RTOS that will never be patched. HIPAA mandates segmentation between device, clinical, admin, and guest networks. Non-HTTP protocols (DICOM, HL7v2) bypass traditional WAF. The Stryker cyberattack (Iran-linked, March 2026) showed that device supply chain compromise impacts hospitals.
How Cloudflare solves it
Magic Transit provides IP-layer DDoS for hospital network on-ramps. Magic WAN connects campuses/clinics/cloud with centrally enforced segmentation. Spectrum protects DICOM/HL7v2 non-HTTP traffic. Tunnel connects private networks without public IPs. ZTNA restricts device management to authorized biomed staff only.
Products
Magic Transit, Magic WAN, Spectrum, Cloudflare Tunnel, ZTNA, Network Firewall, Logpush
Customer KPIs
Device networks segmented per HIPAA; Asset inventory coverage for connected devices; Non-HTTP protocol traffic (DICOM, HL7v2) protected; Biomed access ZTNA-controlled; Campus-to-cloud secured via Magic WAN; Attack surface reduced via Tunnel
The problem
Ambient scribes record entire patient conversations. Revenue cycle uses AI coding tools on full clinical docs. Researchers feed datasets to external models. Shadow AI is acute — clinicians paste notes into ChatGPT, staff use unapproved tools without BAAs. 42 CFR Part 2 substance use data has stricter rules than standard PHI. Only 33% operate AI at scale; governance lags adoption everywhere.
How Cloudflare solves it
AI Gateway provides unified logging/caching/rate-limiting across all inference providers — single audit point. DLP with healthcare patterns (MRN, ICD-10, NDC, DEA) prevents clinical data reaching unauthorized models. CASB discovers every AI tool staff access. AI Firewall blocks prompt injection targeting clinical AI. Prompt logging creates HIPAA/OCR audit trail.
Products
AI Gateway, AI Firewall, DLP, CASB, Cloudflare One, Remote Browser Isolation
Customer KPIs
100% shadow AI visibility; PHI leakage to non-BAA models: zero; Healthcare DLP patterns enforced (MRN, ICD-10, NDC, DEA); AI cost reduction via caching; HIPAA audit trail for all AI interactions; Shadow AI discovery: real-time
The problem
Prior auth takes up to 14 days, requires manual calls/fax, delays treatment. CMS mandates electronic prior auth by 2027. Scheduling no-shows cost billions. Patient portals reduced no-shows by 21M visits in 2024. Care navigation can divert unnecessary ED visits. Traditional infrastructure can't handle stateful, multi-step auth workflows (eligibility → clinical docs → payer response → appeal) at scale.
How Cloudflare solves it
Workers + Agents SDK build auth/scheduling/triage agents on global serverless platform. Durable Objects maintain stateful multi-step authorization conversations. Workers AI provides edge inference with data residency. Code Mode executes auth workflow scripts instead of thousands of API calls — 99% token reduction. R2 stores clinical docs and payer rules with zero egress.
Products
Workers, Agents SDK, Durable Objects, Workers AI, AI Gateway, R2, D1, Queues, Workflows, Code Mode
Customer KPIs
40% prior auths without human (MUSC benchmark); Auth time: 14 days toward 7-day CMS mandate; 85% abandonment reduction (Sutter benchmark); 99% token cost reduction (Code Mode); No-show reduction via AI scheduling; Staff reallocated from manual auth to patient care
The problem
VPN provides binary trust (connected/not) — can't express nuanced healthcare policies: full EHR access from hospital workstation but read-only from personal tablet; traveling nurse accesses assigned facility but not from coffee shop; revenue cycle vendor sees claims but not clinical notes. Change Healthcare + CrowdStrike showed centralized access creates cascading single points of failure.
How Cloudflare solves it
ZTNA replaces VPN with identity + device + location + time policies. Integrates with Imprivata for badge-tap workflow. DEX monitors EHR performance at every hospital/clinic/home. SWG filters at edge without backhaul latency for real-time clinical systems. RBI enables agentless access from unmanaged devices at partner facilities. Email Security blocks clinical phishing.
Products
Cloudflare Access (ZTNA), DEX, Secure Web Gateway, WARP, Device Posture, Remote Browser Isolation, Email Security, PQC
Customer KPIs
VPN decommissioned for EHR access; Context-aware policies enforced; EHR access latency reduced (no backhaul); Traveling nurse onboarding: agentless via RBI; IT visibility at every access point via DEX; Phishing credential compromise reduced
The problem
FHIR APIs expose the most sensitive data via REST endpoints now internet-facing for the first time. Must be open to authorized apps (SMART on FHIR) while secured against exfiltration. Health systems deploy FHIR rapidly for CMS deadlines without adequate security review. Complex OAuth landscape via SMART on FHIR framework. Automated data harvesting mimics legitimate application behavior.
How Cloudflare solves it
API Shield auto-discovers all FHIR endpoints including shadow APIs from rushed CMS compliance. Schema validation enforces FHIR R4 resource specs. Rate limiting prevents endpoint overwhelm. Per-partner mTLS authenticates HIE/QHIN connections. Sequence detection identifies data harvesting mimicking SMART on FHIR behavior. Ricochet caching improves eligible FHIR resource response times.
Products
API Shield (Auto-Discovery, Schema Validation), API Gateway (Ricochet), Rate Limiting, mTLS, Sequence Rules, WAF
Customer KPIs
100% FHIR endpoints discovered including shadow APIs; FHIR R4 schema validation enforced; HIE/QHIN connections mTLS-authenticated; Data harvesting detected via sequence rules; API latency improved via Ricochet caching; CMS compliance met with security from day one
The problem
Patient portal credentials provide access to the most comprehensive personal data available anywhere — full medical history, prescriptions, SSN, insurance, family members. Credential stuffing enables insurance fraud, prescription diversion, clinical record manipulation. Healthcare UX constraint: CAPTCHA friction directly impacts care access and health equity for elderly/disabled. Traffic surges are unpredictable (pandemics, vaccine campaigns).
How Cloudflare solves it
Bot Management uses ML/behavioral/fingerprinting to stop stuffing without CAPTCHA, which is critical for healthcare equity. Turnstile provides invisible challenges. Leaked Credentials Detection flags at-risk accounts before PHI is accessed. Waiting Room manages enrollment/vaccine/public health surges with FIFO. Page Shield detects Magecart on portal billing pages.
Products
Bot Management, Turnstile, Leaked Credentials Detection, Waiting Room, Page Shield, WAF, Rate Limiting
Customer KPIs
Credential stuffing blocked without care-access friction; At-risk accounts flagged before PHI exposure; 100% availability during enrollment/vaccine surges; Zero payment data exposure via Page Shield; Portal completion rates maintained (no CAPTCHA); Insurance fraud/prescription diversion reduced
The problem
Health systems now compete for patients. CMS price transparency requires machine-readable pricing + patient-specific estimates for shoppable services. No-shows cost billions. Value-based care incentivizes proactive engagement. NHS App benchmark: 14M monthly users. Centralized architectures add latency for patients accessing from rural/remote areas. Marketing tag bloat degrades portal page load times.
How Cloudflare solves it
Workers executes scheduling logic, price transparency calculations (vary by payer contract + service code + facility), and personalization at edge. CDN + Argo Smart Routing optimize media-rich health content. Zaraz replaces client-side analytics with server-side — critical when portal perf impacts appointment completion. R2 stores provider directory/health content with zero egress. China Network for medical tourism (Bumrungrad model).
Products
Workers, CDN, Argo Smart Routing, Zaraz, R2, D1, Pages, Load Balancing, China Network
Customer KPIs
Scheduling completion rate improvement; Price transparency at edge; No-show reduction (21M visits benchmark); Page load reduction via Zaraz; Content delivery cost reduction via R2; Medical tourism performance via China Network