4 posts tagged with "security"

Demonstrating commitment to cybersecurity and information protection: HITRUST Certification validates the Medplum Platform is meeting rigorous cybersecurity and data protection standards through independent assessment and assurance.

San Francisco, Calif., June 1, 2026 – Medplum, a leading provider of open-source healthcare developer infrastructure, today announced its Medplum Platform residing at Amazon Web Services (AWS) has earned certified status from HITRUST for cybersecurity and information protection.

We're excited to share a new open-source project from the community that addresses a common developer challenge: integrating with legacy healthcare systems. HealthChain, an open-source Python framework, makes it easier to connect AI/ML pipelines to healthcare systems.

This project is a perfect example of how the open-source community is tackling real-world problems. It was created by Jennifer Jiang-Kells, an honorary researcher at the University College London Hospitals (UCLH) NHS Foundation Trust, highlighting its roots in a premier healthcare institution.

At Medplum, our mission is to provide the open source developer platform for healthcare. We believe that open source is the best way to build secure and interoperable healthcare applications. However, with the rising concern over software supply chain attacks, we understand that being "open source" isn't enough; we need to actively prove our commitment to security.

That's why a few months ago, we decided to ramp up our participation in the Open Source Security Foundation (OpenSSF). We're excited to share the progress we've made in two of their key programs: the Best Practices Badge and the Scorecard.

As a founder, you wear a lot of hats. One of mine is handling the security reports that land in our inbox.

Thanks to a strong security posture, including regular third-party pen tests, genuine vulnerability reports are rare. However, like any online business, we see a steady stream of security inquiries. These tend to fall into two distinct camps: the valuable, good-faith reports from legitimate researchers... and the noise.