Mayo Clinic operates three major campuses across Arizona, Florida, and Minnesota, plus a health system extending into Wisconsin and Iowa - infrastructure that creates a massive, distributed attack surface across clinical care, medical research, and education systems. The threat model spans patient data at rest and in transit, research IP, medical devices, and the operational technology that keeps critical care running. This is healthcare infrastructure where downtime or a breach has immediate physical consequences.
The tech stack runs on Google Cloud Platform and Microsoft Fabric with Epic as the core EHR, supported by SQL, BigQuery, OneLake, and Dataflow for data warehousing and ETL pipelines. Machine learning and AI workloads layer on top, which means securing model training data, inference endpoints, and the integrations between clinical decision support and production systems. Security teams deal with cloud-native tooling, legacy medical device networks, and the regulatory constraints of HIPAA-compliant environments at global scale.
As a nonprofit academic medical center ranked consistently at the top of U.S. News & World Report's hospital rankings, Mayo handles sensitive research data alongside patient records from a global patient base. The organization's mission integrates clinical practice, education, and research - three domains with different data sensitivity profiles, access patterns, and compliance requirements that security architecture must reconcile without breaking clinical workflows or research velocity.