Orthanc PACS Deployment

Production DICOM PACS system deployed on AWS for a healthcare startup. Orthanc + S3 + PostgreSQL architecture handling 1500+ DXA bone density scans with VPN-only access, automated backups, and CloudWatch monitoring. Deployed in 3 weeks with defense-in-depth security.

2025 · 5 min read
Orthanc PACS dashboard showing DICOM studies list, patient metadata, and system monitoring with CloudWatch metrics

The Challenge

A healthcare startup needed secure DICOM storage for DXA (bone density) scans. The project required fast deployment (3 weeks), a cost-effective cloud solution, and production-grade security with VPN-only access. Medical data could have no public exposure, but a REST API was needed for programmatic integration with the client's frontend systems.

The client operates a B2B SaaS platform for telemedicine providers. They needed a PACS backend to store 1500+ studies with room to scale. Budget constraints ruled out commercial PACS ($50K+ licensing). The system required HIPAA-ready security with encryption at rest and in transit, automated backups, and monitoring/alerting for uptime.

Key Constraints

  • 3-week deployment timeline for production system
  • VPN-only access - zero public internet exposure
  • Cost-effective at small scale (1500-5000 studies)
  • Must support REST API for integration
  • Defense-in-depth security (multiple layers)
  • Automated daily backups with 30-day retention
  • Production monitoring and alerts

Our Approach

Deployed open-source Orthanc DICOM server on AWS with S3 storage backend. Used Docker for simple deployment, PostgreSQL for metadata indexing, and CloudWatch for monitoring. Security via defense-in-depth: VPN tunnel + Security Groups + HTTPS + S3 encryption. Chose self-managed PostgreSQL over RDS to minimize costs at current scale.

Key Technical Decisions

  • Orthanc over commercial PACS - proven in production hospitals, free, Docker-ready, S3 plugin available
  • S3 over EBS for storage - cheaper at scale ($0.023/GB vs $0.08/GB), infinite scalability, lifecycle policies
  • Self-managed PostgreSQL on EC2 - $0 vs $30-60/month for RDS, daily backups to S3 sufficient at this scale
  • Docker Compose over Kubernetes - simpler for single-instance deployment, easier to reproduce and troubleshoot
  • Self-signed HTTPS cert - faster deployment than public CA, certificate pinning possible for security
  • CloudWatch native monitoring - no need for external monitoring tools, SNS email alerts sufficient

Timeline: 3 weeks - Week 1: Core infrastructure (Orthanc + S3 + PostgreSQL + HTTPS). Week 2-3: Monitoring, automated backups, documentation, client validation.

Implementation

Week 1: Production-Ready Core

Deployed EC2 instance with Docker, configured Security Groups (VPN IPs only), set up Orthanc container with S3 plugin and PostgreSQL backend, generated self-signed HTTPS certificate. Client validated end-to-end DICOM upload/retrieval via VPN.

Duration: 1 week

Week 2-3: Monitoring & Automation

Configured CloudWatch alarms (disk >80%, CPU >70%, PostgreSQL failures), implemented a daily PostgreSQL backup to S3 via cron with 30-day retention, created complete documentation (API examples, runbook, architecture diagram), and provided 1 week of post-delivery support.

Duration: 1-2 weeks

System Architecture

Orthanc PACS architecture diagram showing VPN tunnel, Security Groups, Orthanc container, PostgreSQL database, S3 storage, and CloudWatch monitoring

Orthanc 1.11+ deployed in Docker container on EC2 t3.medium (2vCPU, 4GB RAM). S3 plugin stores DICOM pixel data in encrypted S3 bucket (AES-256 server-side encryption). PostgreSQL 15 indexes metadata for fast queries. Security Groups restrict access to client VPN IP ranges only. Orthanc native SSL/TLS provides HTTPS with self-signed certificate. CloudWatch alarms monitor disk usage >80%, CPU >70% for 5+ minutes, PostgreSQL connection failures - all trigger SNS email notifications. Daily cron job dumps PostgreSQL to S3 with 30-day retention policy. Docker Compose orchestrates Orthanc + PostgreSQL containers with volume persistence and automatic restart. REST API accessible via VPN for frontend integration.
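
A check for the "VPN IP ranges only" Security Group rule described above, added here as an example (not the deployment's own code): it flags every ingress source that is not fully contained in the allowed VPN ranges. The group data is a constructed sample in the shape of `aws ec2 describe-security-groups` output; the CIDRs, ports and group ID are placeholders, not the client's values.

```python
import ipaddress

# Assumed VPN egress range (RFC 5737 documentation block, not a real client range).
VPN_CIDRS = ["198.51.100.0/24"]

# Constructed sample: one Security Group as returned by describe-security-groups.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 4242, "ToPort": 4242,
         "IpRanges": [{"CidrIp": "198.51.100.16/28"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}


def audit_ingress(group, allowed_cidrs):
    """Return (port_range, cidr) for every ingress source outside allowed_cidrs."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        # IpProtocol "-1" means all protocols and carries no port fields.
        ports = ("all" if perm.get("IpProtocol") == "-1"
                 else f"{perm.get('FromPort')}-{perm.get('ToPort')}")
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            net = ipaddress.ip_network(cidr, strict=False)
            # A source passes only if it sits entirely inside an allowed range;
            # an IPv6 source can never match an IPv4-only allow list.
            inside = any(net.version == a.version and net.subnet_of(a)
                         for a in allowed)
            if not inside:
                findings.append((ports, cidr))
    return findings


if __name__ == "__main__":
    for ports, cidr in audit_ingress(SAMPLE_GROUP, VPN_CIDRS):
        print(f"{SAMPLE_GROUP['GroupId']}: ports {ports} open to {cidr}")
```

Rules that reference another Security Group (`UserIdGroupPairs`) are not evaluated by this check and need a separate review.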

Technology Stack

  • Orthanc DICOM Server
  • PostgreSQL 15
  • AWS EC2
  • AWS S3
  • Docker Compose
  • CloudWatch
  • SNS
  • CloudWatch Alarms
  • SNS Notifications

Results & Impact

  • Study Listing: Under 2s - Query performance for 1500+ studies via REST API
  • Monthly Cost: $70-80 - EC2 + S3 + backups + monitoring (vs $50K+ commercial PACS)
  • Uptime: 99.9%+ - Monitored via CloudWatch with automated alerts
  • Deployment: 3 weeks - From requirements to production with full monitoring

  • Deployed production PACS in 3 weeks vs months for commercial solutions
  • Saved $50,000+ upfront licensing costs using open-source Orthanc
  • Achieved $70-80/month operating costs vs $5,000/year commercial maintenance
  • Defense-in-depth security: VPN + Security Groups + HTTPS + S3 encryption
  • Automated daily backups with 30-day retention for disaster recovery
  • CloudWatch monitoring enables proactive issue detection (disk, CPU, database)

What We Learned

  • Open-source PACS (Orthanc) is production-ready - powers hospitals worldwide, excellent for startups and small clinics.
  • S3 is perfect for medical imaging - write-once read-occasionally pattern, cheap storage, lifecycle policies for archival, built-in redundancy.
  • Defense-in-depth is non-negotiable for medical data - any single layer can fail, multiple layers ensure security (network + VPN + encryption + auth).
  • Self-managed PostgreSQL works at small scale - for <10K studies, self-managed on EC2 saves $30-60/month vs RDS. Migrate to RDS when scaling.
  • Docker simplifies PACS deployment - traditional PACS deployment is a nightmare of dependencies; Docker makes it reproducible and portable.
  • Start simple, plan for HA - a single-instance deployment is sufficient for startup scale. Easy to add a load balancer + second instance when needed.
