Skip to page content

Reporting a Potential Security Vulnerability or Concern

Epic is committed to providing secure enterprise software to its customers. We rely on our strong information security management system to guide our policies and procedures, and take great care during our software development process to avoid and address any potential security vulnerabilities. But we also recognize that not all vulnerabilities can be avoided, and we promptly investigate any reports of potential security or privacy issues in our program or software.

We encourage responsible reporting of potential security concerns using one of these methods:

  • If you are an Epic community member, you can report a potential security vulnerability or concern by contacting your Epic technical services representative or technical coordinator. We will work with you to investigate the issues you report, and we will provide guidance to the rest of the Epic community as necessary, following our standard security and privacy risk escalation process.
  • If you are a patient of a healthcare organization using Epic software, you can share your concerns directly with the organization where you receive care. Organizations using Epic software maintain and configure their instance of Epic software based on their organization’s unique needs, and may be better suited to address your concerns or findings.
  • Security researchers, security and penetration testing companies, or anyone else can report a potential vulnerability to us directly by sending an email to securitycontact@epic.com, or by calling our main number (608) 271-9000. Use the PGP Key below or contact us to provide a secure method for you to share the details of your findings.
  • If you have concerns about the adherence to our information security management system, email securitycontact@epic.com or call our main number at (608) 271-9000.

Please note that Epic does not offer compensation for reporting potential vulnerabilities or other issues in the software.

Public PGP Key

—–BEGIN PGP PUBLIC KEY BLOCK—–

mQENBF9rs+8BCADFXXj9YovO0IXpB1st5P8frVLlHyBlwk2HQ/FCCffMUi0iUifc
R58H83IMuEFu/VacTo/TaePzSkIjSHnD82DJwNazwU42gAGVlcf/yxWvpgPXvkQU
6GkvRyYmwtSpKDdrt71oaNHFdK2M6+IJW8tsTzk6r+/gZyiq+fdEqc3VDJxhC/7P
tuj6EidqdZRbzHWL2WsqpdG/uj9WitOodyAnzeFWpgTzTEtz115v7QoSkcLzLrul
U3TuS/qLEsOg9M4MU48/SYRuFQ8+OnNZplxmAQVUr0YsCcMl39mUOhSbpMwHp0PZ
ry6HA9pJDSPK7hBogqhyXDH4xmDAaQR9F6L3ABEBAAG0MEVwaWMgU2VjdXJpdHkg
Q29udGFjdCA8U2VjdXJpdHlDb250YWN0QGVwaWMuY29tPokBVAQTAQgAPhYhBKZY
q27MO5qjXz2mMdGVlLruL/3wBQJfa7PvAhsDBQkDwjIhBQsJCAcCBhUKCQgLAgQW
AgMBAh4BAheAAAoJENGVlLruL/3wchcH+QE7ajkk4DUF5QpQ5MvW2StOkT5ouuJt
C8A2jvnyyHLKE/xUGQgrw2haCZEyLWHaKDiweTg36FGO1EaGcUuLTZhQRN4V7U/Z
BSqDx4B43CJZCpOesAwFts6k68MRx/BcfWSINXHfRFsSkM7h+u/iG53kc7g1VBPC
cMZ6Mt9EysPiRc2WuXKaq3BpXLTWgBO+2B7XcRu+gaGqmCYEMZhmsflVDAFwMZON
sPY3uHJno0VH0TDqCn4wBTQoBBnBF9ttPOVAKRvfZxQWtfBv/EBgOaLTSQ0NbZzX
Jm3ZJoMgpetzsUWsn14CoupJEC5Mz+IK3YW/u5JUhI8csnd9uAqjrlW5AQ0EX2uz
7wEIAMexKE67OGdqw7xOkgjAgK56kA4OUa63dTz4TBM7mmffH8ZjJbEA+XKkFscb
8I7j+DhvEnGYp7cpbQY/4uwxY2du6O1GYZIS7RcOdkrzOnrTPHmYxmotQ1+j2LDG
TnitqmDTxi/j7vkYORE1pGUk4REAXxD7nZUD7rqKhUQnl/AK9LvxFIXxRvi21aRw
0HyiGOxJ9F4nGrkCZ/kKJoLRlM48RRWbtPAuaNx5lzFD0S92UfRI+QFDUCfNll0M
mBKHlDQCP7tjr0zIB9+tiTUXxsGBfb6rCk7KiGhzplCj3jqH7Uk/tihP21vf80fD
HFkVfhWf43uV8DAIIXNEde4fsSsAEQEAAYkBPAQYAQgAJhYhBKZYq27MO5qjXz2m
MdGVlLruL/3wBQJfa7PvAhsMBQkDwjIhAAoJENGVlLruL/3wBtkH/RWuptaKYglt
GmbkAhs/zx8rw9jZlUjirfBFS0zOoNu8d2pMAEyzfzzoSw2C6WRk6mzlPpYwHzlU
mn8V2cyk0KNwOXgjvZjPJi3dMfN1uzDYclI7++7lA0iGvtEn6eEjc6E6F7CAEnxw
gZtXAPCmiGfVVQzu6E5ljsGq4IQDmNXAXKwrbeAWi2Bqf5O4gjbQ2dnfgPD/Mpno
Blze+Nbepgg9Ynp7AISO8HQNPVKZrf70ic20Yoyg/gE29tzuu2yyENAIecp6g0Y8
dXvIPkj42OaIXhrZ1jq+bWXlP/r8JXhirt9IxRIQdVOxZ+WNKCzgW7dgnmDKjoxV
gCU3XcaexMM=
=QS2C
—–END PGP PUBLIC KEY BLOCK—–