Island Medical Centre

Medical website collects personal info, medical info, and prescriptions via insecure web pages

What is the problem?

Website collects personal medical info including doctor, DOB, and prescription requests via unencrypted connection. An encrypted connection is available but not enforced.

Their Privacy Policy says “Some services in the Practice provide the option to communicate with patients via email, SMS text or other electronic communications. Please be aware that the Practice cannot guarantee the security of this information whilst in transit, and by requesting this service you are accepting this risk.”

Disclosure Policy

Prior to public disclosure, notification about any privacy or security issues discovered were sent by email to the operator of this website on 1st July 2015, using either an email address publicly discoverable on the site, or the RFC 2142 standards compliant address "webmaster@..." if no public email address was provided.

At time of posting the issue had not yet been resolved.