Cleveland Clinic

Medical website collecting sensitive patient data via insecure connection

What is the problem?

Website for “Jersey’s second largest Medical Practice”, with an insecure appointment booking page. The form asks for sensitive personal info including DOB and health insurance number.

Disclosure Policy

Prior to public disclosure, notification of any privacy or security issues discovered was sent by email to the operator of this website on 5th February 2019, using either an email address publicly discoverable on the site or, if no public email address was provided, the RFC 2142 standards-compliant address "webmaster@...".

At the time of posting, the issue had not yet been resolved.