How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)

Special thanks to Cody Ebberson and the Medplum team for their open-source contribution and for sharing their migration experience with the community.

A real-world example of migrating a HIPAA-compliant EHR platform to DHI with minimal code changes.

Healthcare software runs on trust. When patient data is at stake, security isn't just a feature but a fundamental requirement. For healthcare platform providers, proving that trust to enterprise customers is an ongoing challenge that requires continuous investment in security posture, compliance certifications, and vulnerability management. That's why we're excited to share how Medplum, an open-source healthcare platform serving over 20 million patients, recently migrated to Docker Hardened Images (DHI).

Article Summaries:

  • Medplum, an open-source headless electronic health record platform that serves over 20 million patients, recently migrated its Docker images to Docker Hardened Images (DHI). The switch required only 54 lines of code across five files, demonstrating DHI's low-friction approach to enterprise-grade security. The migration addressed the "vulnerability noise" that plagued Medplum's previous images, reducing the need for extensive security audits and documentation. With built-in HIPAA and SOC 2 compliance, a FHIR R4 API, and both self-hosted and managed deployment options, Medplum's move to DHI strengthens its security posture while maintaining developer flexibility. The publicly available codebase makes the transition a useful case study for the broader healthcare software community.