Georgia Department of Community Health uses Box to secure data, Medicaid services, and the trust of rural hospitals

Georgia is setting a new standard for public health by modernizing its infrastructure to better support a growing population. With Box as its Intelligent Content Management platform, the Georgia Department of Community Health (DCH) is reducing administrative bottlenecks and securing essential Medicaid workflows for millions of citizens. 

DCH is one of four health agencies serving Georgia’s more than 10 million people. The agency works with healthcare providers to deliver medical benefits, with rural hospitals to secure their networks, and with Medicaid to process claims and determine eligibility. Along the way, the agency processes, stores, and transmits medical data for thousands of Georgians.

Data flow is particularly critical as DCH spearheads a major rural healthcare expansion, ensuring that vital Medicaid services and protected health information (PHI) remain resilient and accessible across all 159 Georgia counties. Partnering with Box, which is FedRAMP authorized and HIPAA compliant, is one of the critical ways the DCH makes this happen. But it’s the built-in potential of Box AI that’s setting the DCH up for a more secure, nimble future.

The DCH is now using:

  • Box Shield to automatically classify and protect sensitive data, detect suspicious log-in locations, and take advantage of automated data loss prevention
  • Box Shield Pro for AI-driven automated  and ransomware detection
  • Box AI to test how complex security deliverables can be extracted from 300-page contracts — a process that usually takes weeks
  • Box Zones to restrict access to the 54 U.S. states and territories and ensure sensitive data stays protected within authorized boundaries

Rural healthcare transformation without security risk

In late 2025, the federal Centers for Medicare & Medicaid Services introduced the Rural Health Transformation Program, awarding Georgia over $218,000,000 as part of that initiative. The DCH's proposal included supporting rural hospitals by leveraging the HITRUST cybersecurity framework and CrowdStrike for enhanced endpoint protection (both part of Box).

The stakes are high. Rural hospitals have been frequent targets of ransomware attacks, and the consequences extend far beyond IT disruptions. As DCH CISO Will Monahan explains, "It's more than just taking a hospital offline for a few months. It's also the ambulance that gets redirected or the person who doesn't get their MRI in a timely manner. This is life or death."

The DCH focuses acutely on cybersecurity for good reason. "We've got hundreds of millions of medical records, and we're a $22 billion dollar agency when it comes to Medicaid for the people of Georgia," Monahan notes. "It’s a lot of very sensitive information, and that's why we take cybersecurity very seriously."

Auto-labeling with Box Shield Pro

To safely handle PHI in the cloud, the DCH is rolling out Box Shield Pro. Its auto-labeling capabilities will replace an antiquated system of manual "stamping" that carried too high a cost of ownership. Specifically, DCH is testing two security features of Box Shield Pro:

  • AI Classification Agent: For auto-labeling, Box Shield Pro uses an AI agent to understand the actual context and meaning of a document. It can identify sensitive data, whether it's PHI, PII, FTI, or SSA-derived info, within medical narratives or complex legal contracts, even without a specific "trigger" word or number.
  • Enhanced DLP: This feature offers highly sophisticated protection, specifically Ransomware Activity Detection to monitor for mass encryption on endpoints, and AI Threat Analysis, which summarizes security alerts into plain language for the team.

"Box Shield Pro is the key enabler for us to allow our users to upload PHI to Box. Once fully operational, it's game on," Monahan explains. Box Shield Pro will enable them to automatically identify sensitive information with AI-driven classification rules, across multiple file types including images, PDFs, and more. It also drives their data loss prevention policies because the labels can be configured to trigger download, sharing and retention rules — all without manual action by staff.

This means that healthcare facilities with limited IT resources can load PHI into the DCH's file system with certainty (and less overhead of manual content management). With unstructured data compliant and secure, the next step will be enabling users to leverage Box AI for content analysis.

Keeping data where it belongs with Box Zones

Another important aspect of enhancing security posture is controlling where data is physically held. Box Zones has been instrumental in the agency's defensive posture. During global security incidents like the 2023 MOVEit breach, the DCH utilized geo-blocking features to prevent unauthorized exfiltration and ensure data remained within approved jurisdictions.

This multi-layered approach is backed by Box's GovRAMP and FedRAMP High authorizations, which provide the rigorous validation required to satisfy state regulators. "FedRAMP is huge," Monahan says. "If you say you maintain your logs for five years, they're going to check. If you say you train your team members, they're going to check. So if somebody else is checking, that means we don't have to check."

Managing a massive data ecosystem

With only a handful of full-time security team members and fewer than ten interns, supplemented by state partners including Raytheon and CrossReg, the DCH needed a force multiplier. Box AI delivered exactly that.

The agency works with many outside vendors, agencies, and partners. For years, ensuring that third-party vendors met their security obligations — like providing SOC 2 reports or HIPAA attestations — was a grueling manual effort. Staff had to comb through documents that might be 300 pages long, using basic keyword searches, a process that was slow and prone to error.

The DCH is testing the process to synthesize hundreds of business associate agreements, using Box AI to pull specific security deliverables. This will ensure that vendors receiving hundreds of millions of dollars in state funds are held accountable to their contractual requirements.

Building a culture of quality and resilience

The transformation at Georgia DCH is as much about culture as it is about technology. By removing the administrative burden of manual classification and document review, the agency is empowering employees to focus on their core mission: serving the people of Georgia. “With Box,” says Monahan, “we can ensure security is top of mind not just for our team administering it, but for our users as well, and in a way that’s not invasive to their day-to-day jobs. In fact, it’s the opposite — it makes their job easier.”

In the public sector, quality largely means security. By leveraging Box, the Georgia DCH is building a resilient infrastructure that supports rural hospitals and ensures Medicaid benefits are processed securely for millions. This approach serves as a blueprint for other state and local agencies looking to modernize — proving that with the right AI and security tools, government agencies can move quickly without compromising the trust of the people they serve.

Learn more about how Box supports the Georgia Department of Community Health in our upcoming State and Local Government Summit, where Monahan will speak with Box’s own CISO, Heather Ceylan, in a live fireside chat about how to balance keeping security top of mind while enhancing productivity.