A white-hat hacking/vulnerability company contacts you claiming that they have discovered a zero-day attack vulnerability in your new health care software for clinics and hospitals.

A white-hat hacking/vulnerability company contacts you claiming that they have discovered a zero-day attack vulnerability in your new health care software for clinics and hospitals. The vulnerability is not known to the public nor to the black-hat hacking community. And, the white-hat company is offering to sell you a fix. Based upon the course, what actions should your security team take?