Recently, writers at zdnet put the security of OpenEMR under the microcope, but they used a very narrow field of view.
The article stated that security experts found security issues with OpenEMR, and that they were fixed, as is typical with Open Source projects.
The article then goes on to use a breach of data in Singapore’s government-sponsored healthcare system to get it’s numbers. The breach affected 1.5 million healthcare patients, including Prime Minister Lee Hsien Loong. But, what the article neglected to mention is that this breach had nothing to do with OpnEMR. This is a classic straw man argument, attempting to tie OpenEMR security, which is regularly maintained, to this epic breach in Singapore.
The reality is that OpenEMR has never had a reported breach of it’s data on a production site in it’s 15 years of evolution. The reason for this is mostly attributed to regular testing (ethical hacking) by the “White Hats” and the OpenEMR community quickly reacting and fixing security issues.