Bumrungrad International Hospital has been at the forefront of medicine in Thailand for over 40 years. With multiple international accreditations, the 580-bed private hospital has a strong reputation for innovation and quality. Every year, the hospital serves over a million patients from 190 countries.
Bumrungrad has always used technology to improve their standard of care. The hospital is an early adopter of emergent medical procedures like robotic-assisted surgery. In 2000, when most healthcare organizations were still exploring integrated patient management systems, Bumrungrad developed and implemented one of the first end-to-end hospital information systems in Thailand. This forward-thinking approach allows Bumrugrad to handle outpatient volumes of 5,500 visitors daily without compromising patient experience or care.
As a medical services provider in the highly regulated healthcare sector, Bumrungrad prioritizes patient confidentiality. Providing effective communications and a convenient method of evaluating and booking hospital services and accessing clinical results are also important.
“Patient health information and personal and clinical data are our top security priorities. At the same time, however, we want to empower our patients by making our services and their personal data easily accessible through the Bumrungrad application,” says Wisut Ua-Anant, Bumrungrad’s Chief Digital MarTech Officer. “That means creating secure services that allow them to find a doctor, make an appointment and purchase health screening packages as well as accessing and, where necessary, sharing their personal medical information like prescriptions, lab, and test results.”
Medical privacy is an important element of these digital experience goals. Bumrungrad must satisfy information management standards established by hospital accreditors like the Joint Commission International (JCI), along with international regulatory requirements for Protected Health Information (PHI) like the European General Data Protection Regulation (GDPR), US Health Insurance Portability and Accountability Act (HIPAA), and World Health Organization (WHO) guidelines.
Bumrungrad also required protection from automated bot traffic and DDoS attacks.
“Personal health data is a valuable asset to cybercriminals,” says Ua-Anant. “To get that data, they use a variety of methods to access a hospital’s networks.”
COVID-19, which required Bumrungrad to shift their focus toward the domestic Thai healthcare market, created additional challenges.
“One of the major impacts of the COVID-19 pandemic was a significant reduction in the hospital’s international business and a need to refocus on the needs of domestic patients during the crisis,” says Ua-Anant. “Bumrungrad is one of the private hospitals supporting the Thai government by administering COVID-19 vaccinations to patients.”
Bumrungrad engaged Cloudflare as their security partner in 2019, first adopting Cloudflare core internet security services to replace and expand on their existing protections. A primary benefit to the hospital was that Cloudflare provides CDN, Web Application Firewall (WAF), and Bot Management services that are consistent with HIPAA and HITECH requirements.
“We started with caching, WAF, and country IP blocking to limit special offers to specific counties and regions,” says Ua-Anant. “Our previous solutions adequately guarded our assets, but Cloudflare provided better compliance and services that improved performance and enhanced security to our platforms.”
In addition to Cloudflare security, the hospital deployed Cloudflare Images, which helps store, optimize, and resize images in the cloud to ensure responsive delivery to all customer devices.
To address their concerns over deploying Cloudflare without disruption to the performance of their web properties or customer services, Bumrungrad partnered with a local Cloudflare partner to further ensure efficient delivery.
“The test stages went well, and our entire implementation was a very smooth process,” says Ua-Anant. “Post implementation, we continue to receive rapid, high-quality support from the local and international Cloudflare teams despite a difference in time zones.”
Since moving to the Cloudflare global network, Bumrungrad has seen significant performance and security gains.
“In Thailand and other countries in the Asian region, our website is around 12% faster. Our content-rich pages are rendered in less than 1.5 seconds,” says Ua-Anant. “By offloading traffic to the Cloudflare cache on the edge, we save about 89% in bandwidth and associated costs.”
When it comes to mitigating volumetric threats like bots and DDoS attacks, the gains at Bumrungrad are equally significant — the Cloudflare WAF, bot management, and rate limiting stop an average of 37,000 threats to the hospital site and web applications each month.
“Cloudflare ensures that our patient data is safe and secure. It also helps maintain our network perimeter, so we can focus on delivering technology and maintaining patient trust,” says Ua-Anant. “Cloudflare’s ease of use, automatic updates, and automatic threat protection save us time and manpower while allowing us to maintain a high level of cybersecurity against threats that could harm our patients and our business.”
The Bumrungrad website experienced a significant challenge at the onset of the Covid-19 pandemic after the hospital announced their vaccination program and the availability of the Moderna vaccine in Thailand.
“When we made the alternative vaccine available for online registration, traffic to the Bumrungrad website and our online booking application spiked,” says Ua-Anant. “Overnight, more than two million users tried to access our website to reserve vaccinations and make appointments.”
To deal with the traffic, Bumrungrad turned to Waiting Room, the rapidly-configurable Cloudflare queue and traffic management solution. After setting Waiting Room up directly through the Cloudflare dashboard, Bumrungrad dynamically routed their mobile and desktop users offsite to a responsive, hospital-branded virtual queueing page. By managing traffic on the fly in this way — rather than returning error messages or subjecting patients to over-long load times — Waiting Room protected the hospital's origin servers and kept the site from being overwhelmed, and prevented abandoned registrations by informing patients of their progress.
“Cloudflare was instrumental in helping us manage website traffic throughout the vaccine registration surge,” says Ua-Anant. “Waiting room kept the site online while maintaining a positive user experience that allowed our patients to complete their registrations and online purchases. It kept the website working like it should.”
Moving forward, Bumrungrad plans to use their partnership with Cloudflare to continue building strong foundations for a digital healthcare ecosystem based on an edge infrastructure that supports their telemedicine and telehealth services and direct-to-nurse chat as well as forwarding their automated marketing, online purchasing, and ePayment initiatives.
“The standard of Cloudflare services is great, and they keep improving,” concludes Ua-Anant. “We are looking forward to exploring new Cloudflare offerings that we can use to enhance future application development.”
89% reduction in bandwidth-associated costs
Site performance gains of over 12%, rendering content-rich web applications in under 1.5 seconds
Maintained site uptime and performance during traffic surges, allowing patients to complete registrations and online purchases
Over 37,000 volumetric DDoS and bot attacks blocked monthly
“Cloudflare ensures that our patient data is safe and secure. It also helps maintain our network perimeter so we can focus on delivering technology and maintaining patient trust.”
Wisut Ua-Anant
Chief Digital MarTech Officer
“Cloudflare’s ease of use, automated updates, and automated threat protection save us time and manpower while allowing us to maintain a high level of cybersecurity against threats that could harm our patients and our business.”
Wisut Ua-Anant
Chief Digital MarTech Officer