Responsible Disclosure

If you have discovered a security vulnerability in our systems, we ask you to report it to us responsibly.
Protecting sensitive data, especially in the medical field, is our highest priority.

Scope

This policy applies to:

  • https://easyradiology.net
  • https://easyradiology.de
  • zugehörige Subdomains und APIs

Not within scope:

  • Third-Party-Systems
  • social engineering
  • denial-of-service attacks

Safe Harbor

If you:

  • act in good faith
  • do not retrieve any data beyond what is necessary for verification,
  • do not actively disrupt any systems,
  • and allow us sufficient time to remediate the issue,

we will not take legal action against you.

Privacy Notice

Please do not submit any real patient data or personally identifiable health information.

If such data is affected, please describe the access in an abstract manner.

Handling of your report

We will:

  • prioritize reviewing and fixing the vulnerability
  • keep you informed about the progress
  • prioritize reviewing and remediating the vulnerability

Responsible Disclosure

Please provide as complete information as possible in the following form: