The security of electronic medical record (EMR) data is very important for maintaining the confidentiality, integrity, and availability of sensitive patient information. This study aims to conduct a security analysis of the EMR application used at UPTD RSD Besemah Pagar Alam City using the Penetration Testing method. This method is used to identify, exploit, and provide solutions to potential vulnerabilities in the EMR application system. Penetration Testing is carried out in several stages, namely information collection, scanning, exploitation, and post-exploitation, using tools such as Nmap and OWASP ZAP. The results of the study showed several vulnerabilities in the application, including SQL Injection, Cross-Site Scripting (XSS), and weaknesses in authentication management that could allow unauthorized access to patient data. In addition, exposure of sensitive data that was not properly protected was also found. Based on the results of this test, several recommendations were made to improve system security, such as updating security patches and implementing encryption on all sensitive data. By implementing the recommended mitigation steps, the security of the EMR system at UPTD RSD Besemah is expected to be significantly improved, so that the risk of data leakage can be minimized. This research makes a real contribution to strengthening the security of electronic medical record applications and is expected to be a reference for improving security systems in other health care institutions.