MICROPORT® FOCUS ON PATIENT SAFETY

MicroPort^® CRM’s purpose is to improve human life through the practical application of innovative science. Above all, we focus on the safety of our patients. MicroPort^® CRM products are developed and manufactured with the greatest attention to safety and security.

We strongly believe that increased internet connectivity of medical devices brings tremendous benefits to patients, but we realize this benefit also introduces the risk of cyberattacks and this risk is likely to increase and evolve. While we strive to provide optimal accessibility and convenience to patients and caregivers, the security of MicroPort^® CRM’s implantable medical devices is a major concern to our wireless communication experts, and the protection of our devices is continually evaluated and adjusted in light of new findings.

Microport^® CRM is committed to the safety and security of its devices throughout their life cycle – i.e. from their initial design until they are no longer in service.

To ensure that communications being sent from MicroPort^® CRM’s implanted medical devices and equipment to healthcare professionals remain secure, we follow the latest cybersecurity standards and guidelines. Our security experts are strongly involved in the Microport^® CRM products development phase, along with external cybersecurity companies that provide us additional support and testing.

As cybersecurity threat landscape is constantly evolving, we monitor and assess the latest known vulnerabilities to ensure that the security of our products remains effective.

Confidentiality and security are MicroPort^® CRM’s core values and we take seriously our responsibility to ensure the privacy and security of all our users.

COORDINATED DISCLOSURE PROCESS

If you think you have identified a potential cybersecurity vulnerability in one of our products or services, please let us know at your earliest convenience by sending an e-mail to cybersecurity@crm.microport.com using our PGP public key to encrypt your message.

Our security engineers will conduct the appropriate actions, define the follow-up procedure and perform in-depth investigations according to our designated internal processes. We will then provide you with a summary of our findings.

Please include the following Information in your e-mail:

• Contact information including name, e-mail/address and phone number. Your personal data will be kept confidential and will only be used for the security vulnerability reporting purpose in compliance with applicable data protection legislation, including Regulation (EU) 2016/679 (General Data Protection Regulation). By sending your contact information, you agree to have MicroPort^{® CRM} processing your information for such purpose.
• An in-depth description of the potential issue/vulnerability you believe you have identified, including date, products/features impacted, product serial numbers, context and description of your finding, and any technical information that could help our investigations (e.g. script used, the software, the environment).

Important Points:

• Do not include personal data or any data that could help identify patients in your e-mail report.
• Never perform tests on equipment that is actively in use or that could be used. Tests could modify the device’s behavior and could induce serious damage.
• Never take any action that could lead to self-injury or destroy the equipment.
• During your testing, never violate the laws of your country.
  

By sending us an e-mail:

- You confirm you have read and you agree with the legal statement and Privacy policy.

- You agree that the information you’ve sent does not create any rights for you and you understand that Microport CRM may use such information in whole or in part for any purpose or use, without restriction and without compensating you or obligating Microport® CRM in any way

SECURITY BULLETINS

Log4j - 01/18/2022 – Version 1.0

Nucleus:13 - 10/22/2021 – Version 1.0