Skip to page content

Reporting a Potential Security Vulnerability

Epic is committed to providing secure enterprise software to its customers. We take great care during our software development process to avoid and address any potential security vulnerabilities. But we also recognize that not all vulnerabilities can be avoided, and we promptly investigate any reports of potential security or privacy issues in our software.

We encourage responsible reporting of potential security vulnerabilities using one of these methods:

  • If you are an Epic community member, you can report a potential security vulnerability by contacting your Epic technical services representative or technical coordinator. We will work with you to investigate the issues you report, and we will provide guidance to the rest of the Epic community as necessary, following our standard security and privacy risk escalation process.
  • If you are a patient of a healthcare organization using Epic software, you can share your concerns directly with the organization where you receive care. Organizations using Epic software maintain and configure their instance of Epic software based on their organization’s unique needs, and may be better suited to address your concerns or findings.
  • Security researchers, security and penetration testing companies, or anyone else can report a potential vulnerability to us directly by sending an email to, or by calling our main number (608) 271-9000. We can provide a secure method for you to share the details of your findings with us.

Please note that Epic does not offer compensation for reporting potential vulnerabilities or other issues in the software.