Customer Stories / Healthcare / United States

athenahealth Logo

Strengthening Security Posture While Saving on Inspection Costs Using AWS Security Services with athenahealth

Learn how healthcare company athenahealth centralized network security at scale using AWS.

95% reduction

in inspection costs by moving to centralized deployment model on AWS

120 accounts protected

using AWS Network Firewall in 5 days


monitoring capabilities


security posture


infrastructure deployments


With the ever-present risk of cyberattacks and the importance of keeping data secure, healthcare software provider athenahealth Inc. (athenahealth) wanted to enhance its network security posture to provide optimal service to its customers by simplifying monitoring while improving visibility into egress traffic. For this security project, athenahealth decided to use Amazon Web Services (AWS) security services to complement its existing investment in AWS infrastructure.

athenahealth adopted AWS Network Firewall, which businesses can use to define firewall rules that provide fine-grain control over network traffic, to build a rapid egress security solution and adopt a centralized deployment model for its virtual private cloud (VPC) infrastructure. The company enhanced its security posture in a matter of days without impacting developer productivity. Now, it has better egress traffic monitoring and can scale its network security without disruptions. athenahealth has also automated many processes to accelerate development by its small team.

Determined Handsome Doctor Uses Digital Tablet Computer while Walking Through Hospital Hallway. Modern Bright Clinic with Professional Staff.

Opportunity | Automating Security in the Cloud Using AWS Network Firewall for athenahealth

Founded in 1997, athenahealth works with healthcare organizations to provide products that help people across the healthcare industry. The company provides technology, insights, and expertise to help organizations improve clinical and financial results. As part of its mission to provide data-driven insights in a way that protects the privacy and security of people’s data, athenahealth wanted to provide the most secure networking environment possible for its services and resources running on AWS. athenahealth saw an opportunity to focus renewed attention on its VPC infrastructure and continue to meet evolving security needs. In December 2021, the company developed a long-term security strategy: to build a new solution for egress traffic monitoring. At the center of that long-term strategy was the decision to implement it using AWS.

athenahealth had been using AWS services since 2016 to automate its VPC infrastructure. When it launched the project, the company was able to rapidly deploy security changes and add AWS Network Firewall to hundreds of VPCs across 120 accounts within just a few days. “We were drawn to AWS Network Firewall because the managed solution meant that we wouldn’t have to look at scaling solutions or worry that we’d always have enough capacity,” says Mike McGinnis, senior engineering manager for the public cloud team at athenahealth. “Having all that done automatically on AWS was a huge win.”


Working on AWS has been exceptional. We were able to set up our egress monitoring system and forget it. This project has set us up for continued success into the future.”

Aaron Baer
Principal Member of the Technical Staff on the Cloud Infrastructure Engineering team, athenahealth Inc.

Solution | Using AWS Network Firewall to Improve Security Posture While Reducing Inspection Costs by 95%

Instead of deploying AWS Network Firewall across all 120 accounts individually, athenahealth distributed its new policies to all firewalls natively across the organization using AWS Resource Access Manager (AWS RAM), which businesses can use to simply and securely share AWS resources across multiple accounts. As a result, it rolled out the changes efficiently and began routing traffic through its new system quickly. Then, athenahealth began redesigning its security architecture to use a centralized deployment model on AWS.

athenahealth had already been using AWS Transit Gateway, which connects Amazon VPCs, AWS accounts, and on-premises networks to a single gateway. Now, by adopting AWS Network Firewall, athenahealth can automatically inspect any traffic that’s leaving the private network space. And AWS Network Firewall automatically saves all firewall logs to a central location, so teams can see what traffic is being affected. On AWS, athenahealth built a system for monitoring egress traffic that’s cost effective and scalable. By moving to a centralized deployment model on AWS, the company reduced its overall inspection costs by 95 percent. “We used the flexibility of AWS services to iterate on changes quickly and ultimately reach a deployment that reduced our spend significantly,” says Aaron Baer, principal member of the technical staff on the cloud infrastructure engineering team at athenahealth.

Running network security in the cloud also made athenahealth’s infrastructure seamlessly scalable. “By scalable, I mean it’s AWS magic,” says Baer. “We don’t have to think about scalability at all.” On AWS, the company doesn’t have to worry about dynamic resource provisioning because network gateways will automatically scale based on traffic. “Scalability on AWS was a huge benefit, and we were able to implement this with a small team,” says Baer. Just eight people designed and rolled out the new security design with no disruptions. athenahealth secures its data as it moves between the on-premises environment and AWS using AWS Direct Connect, which creates a dedicated network connection to AWS.

“There was always an AWS tool that we could incorporate with minimal interruption,” says McGinnis. The company manages its network infrastructure using AWS CloudFormation, which speeds up cloud provisioning with infrastructure as code. This ability to implement changes using infrastructure as code was a huge benefit. “For being such a highly technical project, it was simple on AWS,” says Baer. “We didn’t have to consider capacity or maintenance.” athenahealth manages firewall rules using an AWS CloudFormation template in its code repository. When athenahealth makes changes, the pipeline automatically introduces them into the firewall. This automation has simplified development. Now, developers can submit a fix for any issue as a pull request in the repository instead of flagging an issue and waiting potentially hours for another team to locate and fix it. “We greatly reduced the operational burden on the engineering teams while still providing the security value that we wanted,” says McGinnis.

Outcome | Gaining the Confidence to Iterate Further in the Cloud

The overall project was a huge success. “This project exceeded our expectations in terms of how fast we were able to move all traffic to a centralized inspection model with minimal impact,” says McGinnis. “We’ve had this running for almost 1 year, and it’s been smooth sailing. Implementing this on AWS has enhanced our security posture the way that we hoped it would.”

The company has already begun plans to use AWS Shield, a managed distributed denial of service protection service that safeguards applications running on AWS. “Working on AWS has been exceptional,” says Baer. “We were able to set up our egress monitoring system and forget it. This project has set us up for continued success into the future.”

About athenahealth Inc.

athenahealth Inc. partners with healthcare organizations to provide modern technology and insights that drive clinical and financial results for customers and their patients.

AWS Services Used

AWS Network Firewall

With AWS Network Firewall, you can define firewall rules that provide fine-grained control over network traffic.

Learn more »

AWS Transit Gateway

AWS Transit Gateway connects your Amazon Virtual Private Clouds (VPCs) and on-premises networks through a central hub.

Learn more »


AWS Resource Access Manager (AWS RAM) helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs), and with IAM roles and users for supported resource types.

Learn more »

AWS CloudFormation

AWS CloudFormation lets you model, provision, and manage AWS and third-party resources by treating infrastructure as code.

Learn more »

More Healthcare Customer Stories

no items found 


Get Started

Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.