Medisao
  • Home
  • FAQ
  • Pricing
  • Blog
  • Contact

Vulnerability Disclosure

Vulnerability Reporting.

In an effort to foster an open partnership with the security community, and in recognition that the work the community does is important to ensure patient safety and security. The following organizations have opted to use this form for their Coordinated Vulnerability Disclosure Process:

  • Diagnostic Grifols, SA
  • ClearPoint Neuro
  • AbioMed
  • Cybeats Technologies Inc.
  • Summit Medical Products
  • Koh Young America
  • Talis Clinical
  • Azena Medical, LLC
  • Phillips-Medisize A/S
  • MedCrypt
  • NIKKISO CO.,LTD.
  • Beckman Coulter
  • Inovio
  • Diagnostic Grifols, SA.
  • Testing
  • Alimetry Limited
  • Qardio
  • NIHON KOHDEN CORPORATION
  • Modulated Imaging
  • Cutera, Inc
  • Inari Medical
  • PHC Corporation
  • Grifols Diagnostic Solutions
  • Vestibular First
  • Koios Medical, Inc.
  • Anumana, Inc.
  • Synergen
  • Renishaw Neuro Solutions
  • EBR Systems
  • Tandem Diabetes Care
  • NIPRO
  • Impulse Dynamics
  • med1
  • RxSight
  • THERAPIXEL
  • Director Group R&D Quality Management
  • Haemonetics
  • Cardiologs Technologies
  • FIRE1
  • Lugo & Associates, LLC

What you can expect from us:

  • Acknowledgement of form receipt within 5 business days
  • Best efforts to contact the device manufacturer directly.
  • If the manufacturer is an active member of MedISAO:
    • Escalation to the appropriate representative of Manufacturer
  • You may be contacted for more information by MedISAO or the manufacturer directly.

What we expect of you:

  • Avoid testing any products in a clinical setting or while being actively used by patients.
  • Avoid impact to the safety or privacy of any patients, by not releasing personal information on patients.
  • Comply with all laws and regulations.

  All information is encrypted with 4096-bit RSA before being sent to MedISAO's database.

  This process is subject to change without notice and there may be case by case exceptions. MedISAO provides no guarantee of any particular response or action by manufacturers.

  If you have any questions, please email confidential@medisao.com


Instructions for Manually Sending Vulnerability Reports

If you want to send vulnerability reports to MedISAO you may email it to confidential@medisao.com

Please use PGP to encrypt the message and any file attachments.

If you need help feel free to email confidential@medisao.com

Please include the Manufacturer name, Product name, and a thorough description of the vulnerability.

MedISAO Public Key