Radar Healthcare Assurance
Welcome to Radar Healthcare Assurance. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust and Assurance Hub to learn about our security posture and request access to our security documentation.
Documents
Subprocessors
Subprocessors
- How does Radar Healthcare support the NHS's standards for information governance?
Security Advisory: Review of ChipSoft Ransomware Incident
We are aware of the recent ransomware incident involving ChipSoft. Radar Healthcare is not affected. As part of our internal continuous improvement process, we have reviewed the incident and its relevance to our threat landscape. We regularly assess sector-wide events to inform our security posture and ensure our controls remain robust and aligned with best practices.
Security Advisory: Axios Supply Chain Incident – Impact Assessment and Position Statement
Axios is used within the Radar platform, primarily in the frontend, and may also appear as a transitive dependency in other services. Our production implementation is on version 1.9.0, and we have confirmed that we were not impacted by the recent supply chain compromise affecting specific Axios versions. No affected versions were installed or in use within our production environment during the relevant window. Indirect dependencies identified are on versions not associated with the reported incident and are managed in line with our vulnerability management process.
We continuously monitor third-party components through our secure development lifecycle, assessing and prioritising vulnerabilities based on risk, with remediation undertaken accordingly. Based on our review, we have identified no evidence that this issue has impacted the confidentiality, integrity, or availability of the Radar platform or customer data.
Security Advisory Assessment – Cloudflare Vulnerabilities
Radar Healthcare has completed an assessment of the recently disclosed vulnerabilities relating to Cloudflare services.
Assessment Outcome: No impact to Radar Healthcare services or customer data.
This determination is based on the following:
-
The ACME HTTP-01 certificate validation path vulnerability was remediated by Cloudflare at the provider level. Cloudflare confirmed no evidence of exploitation and that no customer action was required.
-
The request smuggling vulnerability in the Pingora proxy framework (CVE-2025-4366) is not applicable to Radar Healthcare. The affected components (pingora-proxy and pingora-cache) are not used within our environment, and we do not operate on the Cloudflare free tier where exposure was limited. Cloudflare confirmed no evidence of exploitation and completed remediation within 22 hours of disclosure.
-
Internal validation confirmed that our service configuration and architecture do not utilise the affected components or configurations.
Radar Healthcare continues to monitor vendor advisories and threat intelligence as part of its vulnerability management process.