SEAES HMS ← Back to site
Security

Responsible Disclosure Policy

Last updated: 13 June 2026

How to report a security vulnerability to SEAES, and what you can expect in return.

In short

  • Found a security issue in SEAES HMS or this website? Tell us privately at [email protected] (subject: Security).
  • Research in good faith, don't access or alter real patient data, and give us reasonable time to fix the issue before going public.
  • We will acknowledge your report, keep you updated, and won't pursue good-faith researchers who follow this policy.

Our commitment

Security matters to us, and we welcome reports from clients and security researchers who help us keep SEAES HMS safe. This policy explains how to report a vulnerability responsibly and what we commit to in return.

How to report

Email [email protected] with the subject line Security. To help us investigate quickly, please include:

  • the product or URL affected, and the version if known;
  • a clear description of the issue and its potential impact;
  • step-by-step instructions to reproduce it (proof-of-concept welcome);
  • your name and how you'd like to be credited, if at all.

Scope

This policy covers this website and SEAES HMS instances operated by SEAES. Please do not test a hospital's on-premises or independently operated deployment without that hospital's explicit permission — those systems are not ours to authorise.

Please do not

  • access, modify, delete or exfiltrate real patient or personal data;
  • run denial-of-service attacks, spam, or large-scale automated scanning that degrades the service;
  • use social engineering, phishing, or physical intrusion against staff or facilities;
  • publicly disclose the issue before we have had a reasonable chance to fix it.

Safe harbour

If you make a good-faith effort to follow this policy, we will treat your research as authorised, will not pursue or support legal action against you for it, and will work with you to understand and resolve the issue quickly. This policy does not grant permission to act unlawfully or to harm others' data.

What you can expect from us

  • we aim to acknowledge your report within 5 working days;
  • we will keep you informed as we investigate and remediate;
  • we will credit you for the discovery if you would like us to.

Coordinated disclosure

We ask that you give us a reasonable period to remediate before any public disclosure, and that we coordinate timing together so that clients and patients are protected.

This page is provided for transparency about how SEAES HMS works. For the binding terms of a specific hospital deployment, refer to the signed agreement between that hospital and SEAES. SEAES HMS is pre-launch; screens and data shown on this website are illustrative and use synthetic records only.