Question:
Hello I’m a college student who are working at the project related to OpenMRS. This is the question what my team want to research about. Has OpenMRS anywhere, ever come under attack by any person or organization before? If so, what assets were exposed? What resources were compromised and what was the extent of the damage? Was the damage repairable? What security measures were put in place to avoid any subsequent attacks of similar nature?
Please answer the questions if you know about the answers or have a specific opinions about these. Thank you.
May be someone who has experienced a breach can answer more specifically. But I wanted to point you to a resource thats valid for US EHR systems implementation - https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf. This has breaches that affects more than 500 individuals. I tried searching for OpenMRS in the descriptions of the notifications and it didn’t yield any results. But given that most OpenMRS implementations are not in the US, I was kind of expecting that.
Are you talking about our (online) community, or one of our products as used in a customer setting? If the former, we haven’t had any specific attacks on our infrastructure beyond occasional spam and non-specific DDOS attacks. If the latter, that question is probably better directed to our Implementing category to get reports directly from the users/installations of OpenMRS products.