Helping you do what you do best

SOFTWARE AND SERVICES FOR POST-ACUTE CARE

schedule a meeting

Brightree Information Security

Brightree, a world leader in medical software and connected health solutions, seeks to protect the security of information of our customers and their patients, our third party vendors, our affiliates and our global team.

To learn more about how Brightree fulfills this mission, see below:

Brightree Information Security

Security Bulletin For further information regarding any of the topics below, please contact Brightree Security.

Brightree Product Security

Brightree strives to protect information in accordance with all applicable laws and regulations. In order to achieve a suitable level of cybersecurity, Brightree focuses on the following activities where appropriate:

  • Security by Design
  • Secure Systems Development
  • System Risk Assessment
  • Vulnerability Management
  • Incident Response
Brightree Vulnerability Disclosure

If you notice an issue with, or potential cybersecurity threat to, a Brightree-operated digital platform, please report it to us. Prohibited Actions

  • Social engineering and phishing
  • Physical attacks against Brightree-owned systems or sites
  • Actions that may disrupt service (e.g. denial of service, brute force)
  • Sending identifiable customer, patient, employee or user data
  • Premature public disclosure of a cybersecurity vulnerability
  • Testing of non-Brightree systems, such as 3rd-party suppliers
Reporting Procedures
  1. Send an email to security@brightree.com using the Brightree Security PGP Key. Do not include patient identifiable data in your email.
  2. Provide as much information as possible, including steps to reproduce the issue and any logs or scripts used (e.g. text, screenshots)
  3. If you would like follow up, please use a valid email address
Report Review
  • Brightree will contact you with an incident number, and may request additional information
  • Brightree will verify the vulnerability, and will coordinate internally to plan for remediation, if verified
  • Brightree will coordinate a disclosure timeline with you
  • Brightree will notify you when the issue has been resolved
  • Brightree will make an effort to respond to status inquiries within 10 business days