The move suggests that a healthcare SaaS platform can reach HIPAA-aligned security controls and audit readiness with comparatively little engineering effort, offering a model that other vendors can follow.
Container security has become a decisive factor for healthcare software providers, where patient data protection is both a regulatory mandate and a market differentiator. Traditional base images often carry legacy packages that trigger low- and medium-severity CVEs, creating "vulnerability noise" that drains engineering resources on triage of findings that are rarely exploitable in the deployed application. Docker Hardened Images (DHI) address this gap by delivering minimal images that run as a non-root user, are rebuilt as upstream fixes land, and are validated against industry standards, allowing platforms like Medplum to align their technical safeguards with HIPAA and SOC 2 requirements without building a hardening process of their own.
From a DevOps perspective, DHI simplifies Dockerfile maintenance and accelerates build pipelines. By using purpose-built variants, such as a development-stage node image that includes package managers and a lean runtime image that does not, teams can adopt a clean multi-stage build pattern that keeps build tools out of production containers. Non-root execution by default and the absence of a shell reduce the attack surface, but they also change how the final stage must be written: there is no `/bin/sh` to run `RUN` instructions, so the runtime stage should only `COPY` artifacts from the build stage, and `CMD`, `ENTRYPOINT` and `HEALTHCHECK` must use exec (JSON array) form rather than shell form. Files copied into the runtime stage also need to be readable by the non-root user. Docker's rebuilds of the hardened images provide timely remediation of critical CVEs, provided the pipeline actually pulls the updated image; a team that pins by digest has to bump the digest, while a team that pins by tag picks up the rebuild on the next pull. Integration into existing CI/CD workflows is straightforward, as shown by Medplum's GitHub Actions, which authenticate to the DHI registry using standard Docker Hub credentials.
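The following is an added example, not code from Medplum or from Docker's DHI project: a small policy check that enforces the multi-stage pattern described above on a Dockerfile before it reaches CI. It embeds a constructed sample Dockerfile (the registry path `example.org/acme/dhi-node` and the `-dev` tag suffix are assumptions for illustration, not DHI's actual catalog) and verifies that the final stage does not start from a dev variant, contains no `RUN` instructions, uses exec-form `CMD`/`ENTRYPOINT`/`HEALTHCHECK`, and does not switch to root.

```python
"""Dockerfile policy check for shell-less, non-root runtime images.

Added example (not Medplum's or Docker's code). The image names and the
"-dev" suffix convention in SAMPLE_DOCKERFILE are assumptions used for
illustration only.
"""
import json
import re

# Constructed sample Dockerfile: build tools live in the dev stage, the
# runtime stage only receives copied artifacts and an exec-form CMD.
SAMPLE_DOCKERFILE = """\
# image names are illustrative placeholders
FROM example.org/acme/dhi-node:22-dev AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM example.org/acme/dhi-node:22 AS runtime
WORKDIR /app
COPY --from=build --chown=nonroot:nonroot /app/dist ./dist
COPY --from=build --chown=nonroot:nonroot /app/node_modules ./node_modules
ENV NODE_ENV=production
CMD ["node", "dist/server.js"]
"""

_FROM_RE = re.compile(r"(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+\S+)?", re.I)


def _logical_lines(text):
    """Yield instructions with comments removed and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""


def parse_stages(text):
    """Return a list of (base_image, [(INSTRUCTION, args), ...]) per FROM stage."""
    stages = []
    for line in _logical_lines(text):
        instr, _, args = line.partition(" ")
        instr = instr.upper()
        args = args.strip()
        if instr == "FROM":
            m = _FROM_RE.match(args)
            if m:
                stages.append((m.group(1), []))
        elif stages:
            stages[-1][1].append((instr, args))
    return stages


def is_exec_form(args):
    """True when args is a JSON array of strings, i.e. no /bin/sh is needed."""
    try:
        value = json.loads(args)
    except ValueError:
        return False
    return isinstance(value, list) and all(isinstance(x, str) for x in value)


def check_final_stage(text):
    """Return a list of policy violations for the last stage of a Dockerfile."""
    stages = parse_stages(text)
    if not stages:
        return ["no FROM instruction found"]
    base, instrs = stages[-1]
    problems = []
    # Only the image name and tag matter, not the registry or namespace.
    name_tag = base.rsplit("/", 1)[-1]
    if "-dev" in name_tag:  # assumed dev-variant naming convention
        problems.append(f"final stage uses dev variant {base}")
    for instr, args in instrs:
        if instr == "RUN":
            problems.append(f"RUN in final stage, but runtime image has no shell: {args}")
        elif instr in ("CMD", "ENTRYPOINT") and not is_exec_form(args):
            problems.append(f"{instr} uses shell form and needs /bin/sh: {args}")
        elif instr == "HEALTHCHECK":
            # HEALTHCHECK CMD <args> follows the same shell/exec form rules.
            _, _, cmd = args.partition("CMD")
            if cmd and not is_exec_form(cmd.strip()):
                problems.append(f"HEALTHCHECK uses shell form: {args}")
        elif instr == "USER" and args.split(":")[0] in ("root", "0"):
            problems.append("final stage switches to root")
    return problems


if __name__ == "__main__":
    for problem in check_final_stage(SAMPLE_DOCKERFILE) or ["ok: final stage passes"]:
        print(problem)
```

Run it against a repository's Dockerfile in a pre-merge job and fail the build on a non-empty result; a `RUN` in the final stage would fail at image build time anyway, but a shell-form `CMD` only fails when the container starts, which is a worse place to find out.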
The broader implication for the health-tech ecosystem is a lowered barrier to compliance-ready container deployments. Organizations can cite Docker's hardening and patching methodology for the base image during security audits, cutting documentation overhead and shortening sales cycles with enterprise customers. The base image is only part of the evidence, though: auditors will still expect per-image artifacts such as an SBOM and scan results, and the application layers a team adds on top remain its own responsibility. As more providers adopt DHI, the industry moves toward a standardized security baseline, enabling faster innovation while maintaining the rigorous safeguards demanded by regulators and patients alike.