How to report a Ministry of Health security vulnerability
If you believe you’ve found a security vulnerability in one of our products or platforms, please email us.
Email: [email protected]
What to include in your email
Please write the email clearly and in English, including the following details:
- type of vulnerability
- how you found the vulnerability
- whether the vulnerability has been published or shared with others
- any affected configurations
- exposure or possible exposure of any personal information
- description of the location and potential impact of the vulnerability
- a detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots and compressed screen captures are all helpful to us)
If for any reason you do not wish to contact us directly, we encourage you to engage with CERT NZ, who can broker the disclosure to the Ministry. Note that reporting via CERT NZ gives you an option for anonymous reporting.
Contact CERT NZ to report a security incident
Please note that more detailed Responsible disclosure guidelines are coming soon.