Security Vulnerability Disclosure

MRIMath is committed to protecting patient safety, clinical operations, and the confidentiality, integrity, and availability of healthcare data. We welcome responsible reporting of security vulnerabilities and handle them in a coordinated, risk-based manner.

How to Report a Security Vulnerability

If you believe you have identified a security vulnerability affecting MRIMath systems, please report it to:

📧 Email: security@mrimath.com
📌 Subject: Security Vulnerability Disclosure

Reports may be submitted by customers, partners, or independent security researchers. Anonymous reports are accepted.

What to Include

To help us investigate efficiently, please include:

  • A description of the issue
  • The affected system or component
  • Steps to reproduce or proof of concept
  • Potential impact (security, availability, data, or clinical use)

What You Can Expect From Us

  • Acknowledgment of your report within 3 business days
  • Risk-based assessment prioritizing patient safety and clinical impact
  • Timely remediation using controlled and validated updates
  • Clear communication when an issue affects customers or deployments
  • Non-disruptive handling of fixes to preserve clinical operations

Vulnerability Handling & Disclosure

Vulnerabilities are assessed based on potential impact to:

  • Patient safety
  • Clinical decision-making
  • Data confidentiality (PHI)
  • System availability

Issues are remediated before public disclosure whenever possible. Customers are notified when a vulnerability is relevant to their deployment.

Safety & Regulatory Escalation

If a vulnerability could:

  • Impact patient safety
  • Affect clinical availability
  • Involve protected health information (PHI)

MRIMath escalates the issue through its incident response and safety processes and coordinates communication accordingly.

Responsible Disclosure & Safe Harbor

MRIMath supports responsible security research conducted in good faith. We ask that reporters:

  • Avoid accessing patient data
  • Avoid service disruption or denial-of-service testing
  • Allow reasonable time for remediation before public disclosure

MRIMath will not pursue legal action against individuals who follow this policy and act responsibly.

Questions or Follow-Up

For security-related questions, please contact:
📧 security@mrimath.com