Cigna
Cigna Healthcare offers health insurance plans such as medical and dental to individuals and employers, and international health insurance.
External Program
Submit bugs directly to this organization
Cigna
Cigna Healthcare offers health insurance plans such as medical and dental to individuals and employers, and international health insurance.
External Program
Submit bugs directly to this organization
The security team at Cigna Healthcare® strongly believes that collaboration with the security community is key to maintaining secure environments for all of our clients, members, and partners. If you believe you have discovered a security vulnerability on a Cigna Healthcare, or any of its subsidiaries or affiliates, website, mobile application, or other property, we strongly encourage you to inform us as quickly as possible. Disclosures may be made to: [email protected]
Our Responsible Disclosure Program is governed by these Responsible Vulnerability Guidelines (the "Guidelines"). By submitting a vulnerability to Cigna Healthcare, you agree to be bound by these Guidelines.
Our Responsible Disclosure Program relates only to applications built by Cigna Healthcare, its subsidiaries, and affiliates. For third party built applications, please reach out to relevant third parties.
Only security vulnerabilities should be reported through this program.
Vulnerabilities related to Cigna Healthcare and its subsidiaries are in scope.
The following are out of scope of our Responsible Disclosure Program, do not qualify as valid vulnerabilities under these Guidelines, and should not be reported:
The privacy of our clients, members, and partners must be maintained during the disclosure of any vulnerability.
This page includes instructions on how to securely report vulnerabilities to our security team. Cigna Healthcare does not accept disclosures that do not follow these Guidelines.
We ask you to:
A vulnerability disclosure must include the following information to be deemed a valid disclosure under these Guidelines and our Responsible Disclosure Program:
Vulnerability information is extremely sensitive. Please email your vulnerability disclosure to us using the following PGP key.
Key fingerprint: 1032 993A B76C 4C63 FAF0 8DAC 605B 84FA CBD8 0994
Please direct these emails to [email protected]
Cigna Healthcare will use reasonable efforts to acknowledge the receipt of your disclosure within seven (7) business days and will provide next steps. If requested, and where reasonable under the circumstances, we will notify you when the vulnerability has been fixed.
The validity of the disclosure will be evaluated at our sole discretion. We will of course make a reasonable effort to work with you to better understand the submission. Cigna Healthcare and its subsidiaries and affiliates are free to use and incorporate any feedback, suggestions, or recommendations you provide to Cigna Healthcare.
We recognize the importance of white hat researchers who are helping make the digital space safer for everyone. Vulnerabilities disclosed according to these Guidelines may be included in our Researcher Hall of Fame at our sole discretion. We do not otherwise compensate researchers for identifying potential or confirmed vulnerabilities.
We will not pursue legal action against you if you act in good faith when conducting your research, comply with these Guidelines, do not engage in any illegal conduct, do not attempt to harm Cigna Healthcare, or our subsidiaries, affiliates, clients, members, partners, or others, or otherwise infringe or misuse Cigna Healthcare property.