Technician repairs device

Product & Security Updates

We are committed to and passionate about ensuring our products are safe and secure for their intended clinical use. We have developed our products with cybersecurity controls integrated into the design, ensuring industry-leading security best practices and international privacy standards are applied throughout all phases of the product lifecycle.

We are committed to having open communication with users of our products regarding product security, safety information and updates.

Product security bulletins

PTC Axeda Bulletin

PrisMax Bulletin

Prismaflex Bulletin

Phoenix Bulletin

Final Prismax Bulletin Ripple20

Bulletin for SweynTooth Vulnerabilities

Bulletin for Mirth Connect

Bulletin for Log4j

Bulletin for IPnet and VxWorks

 

Customers with a specific security question about any of our products can reach out to [email protected] or contact their Vantive service representative.

We have established a Privacy Notice to reflect the foregoing principles which are a key part of our company culture and operations.

Privacy Notice

Coordinated vulnerability disclosure process

Vantive’s mission is to extend lives. To empower the people who live them, and the clinicians who protect them. Fundamental to our mission and strategy, we are committed to designing, manufacturing, and maintaining safe and secure medical devices. We also know that cybersecurity threats and vulnerabilities change rapidly. Therefore, we are committed to working with the security researcher community to verify and respond to legitimate vulnerabilities and ask researchers to participate in our responsible reporting process outlined below.

Scope

Vantive created this coordinated disclosure process for security researchers to report potential vulnerabilities related to Vantive’s commercially available products. It is not meant for technical support information on Vantive products or for reporting Adverse Events or Product Quality Complaints. For all of these other matters please visit for the appropriate reporting channel on our Contact & Support page.

How to submit

If you have discovered a potential vulnerability related to a Vantive product, we ask you to contact us in English at Vantive’s Product Security Mailbox. Please encrypt your email using our GPG (GnuPG) public key.

Please include the following information:

  • Contact information so we can get in touch with you (name, organization, email address and phone number)
  • Whether you believe multiple vendors are affected
  • When and where the vulnerability was discovered
  • Technical description of the vulnerability and environment in which it was discovered
  • Name, version, and configuration details of the affected product
  • Specific impact and how you envision this vulnerability could be used in an attack
  • Information about the tools and techniques you used to discover this vulnerability
  • Any proof of concept or exploit code
  • Any indications of the vulnerability being exploited
  • Prior or intended disclosure of vulnerability information to other parties (e.g. regulators, vulnerability coordinators, vendors)

Please do not include any personal information, such as sensitive/health information.  

What will Vantive do?

  • We will acknowledge receipt of the report within 7 days.
  • We will escalate the report to the appropriate team to verify and reproduce the reported vulnerability. You may be contacted during this time to support our verification efforts.
  • We will evaluate the reported vulnerability and conduct a risk analysis to determine appropriate action to take.
  • If Vantive determines the issue warrants disclosure, we will publish notification on this page, and we will report it to the appropriate external parties such as Cyber Emergency Response Teams (CERTs) and Information Sharing and Analysis Organizations (ISAOs).

Additional information for security researchers

Please only conduct testing in secure environments, which comply with the following:

  • All laws and regulations
  • Avoiding any testing that could hurt patients, cause a privacy issue, or damage equipment
  • Avoiding testing on devices in use or software that is in a production environment
  • Avoiding actions taken to exploit any vulnerability
  • Avoiding action that could make changes to a product or system after the test is completed

Notice

By submitting information through this process, you agree that it will be considered non-proprietary and non-confidential, and that Vantive is allowed to use the information in any manner, in whole or in part, without any restriction. You also agree that submitting such information does not create any rights for you or any obligations for Vantive.

Important product updates

The table below shows a complete rundown of all our important product updates. Customer letters on this page have been mailed directly to customers affected by the specific updates and in some situations include reply forms for customers to return to us.

If you have questions or want more information, please visit our Contact & Support page.

We are happy to report that no updates are available currently.

DateProductCategoryReference