top of page



In an effort to foster an open partnership with the security community, and in recognition that the work the community does is important to ensure patient safety and security. The following organizations have opted to use this form for their Coordinated Vulnerability Disclosure Process:

  • Promenade Software, Inc

  • Summit Medical Products

  • Modulated Imaging

  • Diagnostic Grifols, SA.

  • PHC Corporation


what you can expect from us

  • Acknowledgement of form receipt within 5 business days

  • Best efforts to contact the device manufacturer directly.

  • If the manufacturer is an active member of MedISAO:

    • Escalation to the appropriate representative of Manufacturer

  • You may be contacted for more information by MedISAO or the manufacturer directly.

what we expect from you

  • Avoid testing any products in a clinical setting or while being actively used by patients.

  • Avoid impact to the safety or privacy of any patients, by not releasing personal information on patients.

  • Comply with all laws and regulations.

   * All information is encrypted with 4096-bit RSA before being sent to MedISAO's database.

   * This process is subject to change without notice and there may be case by case exceptions. MedISAO provides no guarantee of any particular response or action by manufacturers.

If you have any questions, please email​.

bottom of page