 Walgreens
COVID-19 test registration system left patient data unprotected - Recode
Send a link to a friend
[September 14, 2021]
(Reuters) -Drugstore chain Walgreens Boots
Alliance's COVID-19 test registration system exposed data of potentially
millions of people, including their phone numbers and email addresses,
Recode reported on Monday.
|
|
 The data also exposed names, dates of birth and gender identities on
the open web for potentially anyone to see and for the multiple ad
trackers on Walgreens' site to collect, the report said. (https://bit.ly/3AdXgoE)
In some cases, the results of these tests could also be taken from
the exposed data, the report added.
Active unique patient IDs could be guessed, or a hacker could create
a bot that rapidly generated URLs with the IDs in the hope of
hitting active pages, security experts told Recode, giving them a
source of biographical data about people they could potentially use
to hack their accounts on other sites, according to the report.
Given how many characters are in the IDs and therefore how many
combinations there are, the security experts said it’d be close to
impossible to find just one active page this way, the report said.
[to top of second column] |
 "We routinely evaluate our
technology solutions in order to provide safe,
secure, and accessible digital services to our
customers and patients and we regularly review
and incorporate additional security enhancements
when necessary," Walgreens said in a statement.
(Reporting by Dania Nadeem, additional reporting
by Sabahatjahan Contractor in Bengaluru; Editing
by Krishna Chandra Eluri and Uttaresh.V)
[© 2021 Thomson Reuters. All rights
reserved.] Copyright 2021 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content |
