I can reach the openemr website from the instance’s Public IPv4 DNS. What else do I need to do to secure this more?
This is a really hard question to answer.
I would suggest using a website like https://snyk.io.
This can assist you in finding vulnerabilities. A lot of times it comes down to configuration. Unless you hire someone and you have well-documented what you did in the setup process of standing up the server. No one is going to know on this forum what has been configured and not configured.
It is up to you to figure out what you don’t know and what you need to do at this point.