This dissertation investigates how healthcare software startups manage the risks associated with open-source software (OSS) use. Using a qualitative multi-site case study approach and thematic analysis, the study draws insights from interviews with developers, security professionals, and technology leaders in early-stage healthtech companies. Six key themes emerged: Strategic Governance and Oversight, Security and Compliance Practices, Operational Foundations and Standards, Risk Awareness and Technical Due Diligence, Technology Choices and Ecosystem Tools, and People and Culture. The findings reveal that, even in resource-constrained environments, effective OSS risk management is possible through lightweight governance, automation, and shared cultural responsibility. Practical implications include guidance for embedding security into engineering workflows, establishing scalable compliance practices, and fostering OSS literacy across roles. These insights culminate in a practitioner-focused playbook that translates the study’s findings into actionable tools for startup teams. The research contributes to the emerging literature on OSS governance in lean technology organizations and healthcare software ecosystems.