Well the closed-source EHR applications that use NoSQL databases such as MUMPS (InterSystems Caché) probably don't have many SQL injection vulnerabilities.