UrsaClimb Logo

How Medplum Secured Their Healthcare Platform with Docker Hardened Images (DHI)

Docker Blog
by Jennifer Kohl
February 19, 2026
AI-Generated Deep Dive Summary
Medplum, a leading open-source healthcare platform serving over 20 million patients, has successfully migrated its HIPAA-compliant EHR system to Docker Hardened Images (DHI) with minimal code changes—just 54 lines across five files. This transition highlights how DHI can deliver enterprise-grade security while reducing "vulnerability noise," a common challenge for high-growth platforms in the healthcare sector. By eliminating non-essential packages from standard distributions, Medplum significantly streamlined its security posture, minimizing the need to investigate and document low or medium CVEs during audits. Healthcare software development is inherently complex due to stringent compliance requirements and integration needs with existing EHR systems. Medplum faced "security toil," where routine investigations into vulnerabilities added significant overhead. While distroless images initially helped reduce this issue, they still posed challenges by including unnecessary packages that triggered security flags during audits. Migrating to DHI addressed these concerns, ensuring a leaner and more secure environment. This case study underscores the importance of adopting hardened container images for DevOps teams aiming to enhance security without compromising development efficiency. Medplum's experience demonstrates how minimal changes can yield substantial improvements in compliance and reliability, making it a valuable reference for other healthcare platforms and organizations in highly regulated industries. For developers focused on building innovative healthcare applications, leveraging DHI not only simplifies audits but also accelerates time-to-market by reducing security-related friction. As the demand for secure, scalable healthcare solutions grows, Medplum's journey with Docker Hardened Images serves as a testament to the benefits of prioritizing robust security frameworks. By addressing "vulnerability noise" and streamlining compliance efforts, DHI enables organizations to focus on innovation while maintaining trust with their customers. For DevOps professionals and engineering teams, this real-world example highlights the transformative potential of adopting enterprise-grade containerization strategies.
Verticals
devopscontainers
Originally published on Docker Blog on 2/19/2026