Security

NHS Digital takes security and the protection of private data extremely seriously. If you believe you have found a vulnerability or other issue which has compromised or could compromise the security of any of our systems and/or private data managed by our systems, please do not hesitate to contact us using the methods outlined below.

Reporting a vulnerability

PLEASE NOTE: Email and HackerOne are our preferred methods of receiving reports.

Email

If you wish to notify us of a vulnerability via email, please include detailed information on the nature of the vulnerability and any steps required to reproduce it.

You can reach us at:

• cybersecurity@nhs.net
• api.management@nhs.net

HackerOne

If you are registered with HackerOne and have been admitted to the NHS Programme, you can report directly to us at: https://hackerone.com/nhs

NCSC

You can send your report to the National Cyber Security Centre, who will assess your report and pass it on to NHS Digital if necessary.

You can report vulnerabilities here: https://www.ncsc.gov.uk/information/vulnerability-reporting

OpenBugBounty

We also accept bug reports via OpenBugBounty: https://www.openbugbounty.org/

General Security Enquiries

If you have general enquiries regarding our cyber security, please reach out to us at cybersecurity@nhs.net