To learn more about how MatrixCare fulfills this mission, see below:
MatrixCare Information Security
Security Bulletin For further information regarding any of the topics below, please contact MatrixCare Security.
MatrixCare Product Security
MatrixCare strives to protect information in accordance with all applicable laws and regulations. In order to achieve a suitable level of cybersecurity, MatrixCare focuses on the following activities where appropriate:
- Security by Design
- Secure Systems Development
- System Risk Assessment
- Vulnerability Management
- Incident Response
MatrixCare Vulnerability Disclosure
If you notice an issue with, or potential cybersecurity threat to, a MatrixCare-operated digital platform, please report it to us.
Prohibited Actions
- Social engineering and phishing
- Physical attacks against MatrixCare-owned systems or sites
- Actions that may disrupt service (e.g. denial of service, brute force)
- Sending identifiable customer, patient, employee or user data
- Premature public disclosure of a cybersecurity vulnerability
- Testing of non-MatrixCare systems, such as 3rd-party suppliers
Reporting Procedures
- Send an email to [email protected] using the MatrixCare Security PGP Key. Do not include patient identifiable data in your email.
- Provide as much information as possible, including steps to reproduce the issue and any logs or scripts used (e.g. text, screenshots)
- If you would like follow up, please use a valid email address
Report Review
- MatrixCare will contact you with an incident number, and may request additional information
- MatrixCare will verify the vulnerability, and will coordinate internally to plan for remediation, if verified
- MatrixCare will coordinate a disclosure timeline with you
- MatrixCare will notify you when the issue has been resolved
- MatrixCare will make an effort to respond to status inquiries within 10 business days