Walgreens COVID-19 test registration system left patient data unprotected - Recode

Send a link to a friend  Share

[September 14, 2021]  (Reuters) -Drugstore chain Walgreens Boots Alliance's COVID-19 test registration system exposed data of potentially millions of people, including their phone numbers and email addresses, Recode reported on Monday.

The data also exposed names, dates of birth and gender identities on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens' site to collect, the report said. (https://bit.ly/3AdXgoE)

In some cases, the results of these tests could also be taken from the exposed data, the report added.

Active unique patient IDs could be guessed, or a hacker could create a bot that rapidly generated URLs with the IDs in the hope of hitting active pages, security experts told Recode, giving them a source of biographical data about people they could potentially use to hack their accounts on other sites, according to the report.

Given how many characters are in the IDs and therefore how many combinations there are, the security experts said it’d be close to impossible to find just one active page this way, the report said.

[to top of second column]

"We routinely evaluate our technology solutions in order to provide safe, secure, and accessible digital services to our customers and patients and we regularly review and incorporate additional security enhancements when necessary," Walgreens said in a statement.

(Reporting by Dania Nadeem, additional reporting by Sabahatjahan Contractor in Bengaluru; Editing by Krishna Chandra Eluri and Uttaresh.V)

 

[© 2021 Thomson Reuters. All rights reserved.]

Copyright 2021 Reuters. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.  Thompson Reuters is solely responsible for this content

 

Back to top