...

Coordinated Security Vulnerability Program

Coordinated Security Vulnerability Program

ModMed recognizes the importance of strong security and asks clients and security researchers to work with us to investigate and fix vulnerabilities. This coordinated disclosure allows ModMed to properly develop, test, and roll out fixes to better protect the clients and patients we serve.

ModMed respects the efforts of good-faith reporters, so here is how to reach us:

  • Email [email protected] with a report of your issue
  • At a minimum, ModMed needs the following information to be included with any submission:
    • The affected systems or resource
    • Steps to reproduce the issue

If you are a ModMed customer, please contact ModMed Support and tell them you have a security report for the VDP.

Note that this program should not be construed as encouragement or permission to:

  • Decompile, disassemble, or reverse-engineer any proprietary software
  • View, modify, or destroy any protected health information or other data
  • Attempt to gain unauthorized access to data in violation of applicable law
  • Adversely impact the availability of ModMed systems

ModMed does not offer compensation for reporting potential security vulnerabilities or other issues. This document is not intended to, and does not, replace existing terms and conditions previously negotiated between ModMed and its customers.