Maintaining healthcare uptime using AWS WAF with Docplanner

Docplanner connects tens of millions of patients with more than 260,000 doctors in 13 countries, offering tools to help manage visits and accelerate diagnoses and treatments.

As the company grew, it needed to protect its applications from large-scale security threats, such as DDoS events. “We were measuring the financial impact of DDoS events and other security events, and that pushed us to look for an enterprise network filtering solution,” says Matteo Manzoni, staff platform security engineer at Docplanner. The company tried several third-party solutions but didn’t find one that matched its need for the highest security and cost-efficiency.

To reduce overhead while protecting sensitive healthcare data, Docplanner decided on AWS because it includes security in every layer of its services and provides detailed controls to meet the strict needs of companies in the highly regulated healthcare industry.

Docplanner worked with Tameshi, an AWS Partner, to develop a proof of concept and launch a new security solution using AWS WAF, a service for protecting web applications from common exploits. Within months, the company deployed the solution for two primary use cases: filtering incoming traffic and defending against DDoS events. “The biggest improvement is that our services continue to run because they aren’t being impacted by DDoS events,” says Manzoni.

By categorizing traffic, the solution prioritizes legitimate requests over bots and scrapers. That improves response times for patients and doctors while reducing server load. Docplanner also enforces its acceptable use policy more effectively, protecting sensitive data.

During the NoName057(16) DDoS campaign in December 2024, traffic for Docplanner spiked by 156 Gbps in just 5 minutes. While a previous, smaller event had caused 15 minutes of downtime, during the December 2024 incident AWS WAF automatically filtered the malicious traffic, minimizing disruption. Services stayed available and only 5 percent of users experienced errors. “Using AWS WAF was critical during the DDoS event,” says Manzoni. “By using rate-based rules and some other digital signatures, we were able to detect the event, engage the rate-limit rule automatically, and prevent the malicious traffic from impacting our services.”

Using AWS WAF, Docplanner has significantly greater visibility into its traffic and can respond quickly. “We can take preventative action based on what we find, whether it’s a misconfiguration that’s generating traffic or a real DDoS event,” says Manzoni. “We can act on a massive scale without fiddling with individual policies.” Docplanner is also exporting logs from AWS WAF to Amazon Simple Storage Service (Amazon S3), which provides object storage built to retrieve any amount of data from anywhere. Engineers can analyze events and design new rules against emerging threats.

By securing its network using AWS WAF, Docplanner is protecting data, blocking terabytes of malicious traffic, and increasing efficiency. During the first 4 months of 2025, Docplanner automatically blocked 1.1 million malicious requests and stopped 4.9 TB of harmful traffic. By updating its network security on AWS, the company improved response time by 80 percent during large-scale traffic events—such as a DDoS event—and achieved a solution that is 30 percent more cost-effective than comparable options. “We decreased the operations effort needed to maintain network security compared to our previous solution,” says Manzoni. “And we decreased incidents related to network events, which contributed to the cost savings that we achieved using AWS WAF.”

Docplanner has also gained new customers by expanding its compliance, achieving ISO 27001 certification. “Expanding compliance has been a multiplier for the business,” says Manzoni. As the company’s compliance requirements increase over time, using AWS WAF provides critical risk management controls to mitigate any potential threats to the availability and confidentiality of its customer data.

Looking ahead, Docplanner is exploring AI on Amazon Bedrock—a comprehensive, secure, and flexible service for building generative AI applications and agents—to analyze security logs and refine acceptable use policies. “Uptime is money,” says Manzoni. “By using AWS WAF, we’re more efficient in keeping our services up, and we’re not wasting money by serving requests that come from DDoS events.”