Please enter mandatory and valid details
Security

Coordinated Vulnerability Disclosure (CVD) Statement

OptraSCAN is committed to maintaining the safety, security, and reliability of its digital pathology products and services. We prioritize protecting patients, clinicians, laboratories, and customers who rely on our solutions. Our commitment includes welcoming responsible security research and ensuring that potential vulnerabilities are handled in a coordinated, systematic, and transparent manner.

This Coordinated Vulnerability Disclosure (CVD) Statement describes how vulnerability reporters can safely and responsibly notify OptraSCAN of potential security issues, and how OptraSCAN will work to assess and address them.

Scope

This CVD program applies to cybersecurity vulnerabilities that may impact the:

Issues unrelated to cybersecurity—such as general service faults, usability concerns, hardware damage, or third party infrastructure may fall outside this program.

How to Report a Vulnerability

If you believe you have identified a potential security vulnerability in an OptraSCAN product or service, we encourage you to report it privately and responsibly.

You can request support via clicking:

Report Incident

or email us at: customersupport@optrascan.com

To help us evaluate your report efficiently, please include (where possible):

1.  Your contact information

2.  Technical details about the vulnerability

3.  Steps to reproduce

4.  Optional evidence or materials

5.  Any third party coordination already initiated

OptraSCAN will acknowledge receipt of valid reports within two business days and provide follow up communication as needed.

Rules of Engagement

OptraSCAN requests that all researchers follow these principles to ensure ethical and safe security testing:

Researchers acting in accordance with these expectations will be treated as good faith contributors to OptraSCAN security.

Vulnerability Handling & Prioritization

All reported vulnerabilities are evaluated based on:

OptraSCAN prioritizes vulnerabilities that could affect patient safety, sensitive data, or essential functionality.

We may provide non sensitive status updates as appropriate during the coordination process.

Indicative Remediation Targets

Once a vulnerability has been validated, OptraSCAN aims to remediate issues within the following indicative timeframes:

These targets are indicative and may vary depending on technical complexity, component dependencies, third party engagement, or the scope of required validation.

Regulatory Reporting Obligations

Where applicable, OptraSCAN will meet any required regulatory reporting obligations, including those to the FDA or other competent authorities, for IVD medical devices or connected digital pathology systems.

This includes reporting significant cybersecurity issues when required by law or regulation.

Coordinated Disclosure Guidelines

OptraSCAN supports coordinated vulnerability disclosure. We ask that all reporters:

A 90 day coordination window is generally appropriate for most issues, unless active exploitation or safety concerns require accelerated communication.

Legal Safe Harbor

OptraSCAN will not initiate legal action against individuals who:

This safe harbor provision does not apply to actions that violate applicable laws, compromise patient safety, or intentionally disrupt operations.

Manufacturer Disclosure Statement for Medical Device Security (MDS2)

OptraSCAN is committed to maintaining transparency and ensuring the cybersecurity and safe integration of its devices within healthcare IT environments. As part of this commitment, OptraSCAN provides the Manufacturer Disclosure Statement for Medical Device Security (MDS2) for its devices.The MDS2 form is a standardized document that communicates important cybersecurity-related information about a medical device. It helps healthcare organizations understand the device's security capabilities, network requirements, and data protection features before integration into their systems.

The MDS2 form for OptraSCAN devices includes information related to device security features, such as:

OptraSCAN_MDS2_form

Acknowledgment

OptraSCAN sincerely thanks the security research community, customers, and partners for their efforts to responsibly identify and report vulnerabilities. Your contributions help reinforce the safety, reliability, and security of OptraSCAN's digital pathology solutions.

Together, we support a safer and more resilient healthcare ecosystem.