Walgreen’s COVID Test Website Might Have Exposed Patient Data, Security Experts Say
Anyone who got a COVID-19 test at Walgreens might have had personal data left online, including their name, date of birth, phone number, address, and email. In some cases, the results of the COVID tests were left on the open web for anyone to see, according to a new report by Recode.
Security vulnerabilities on the Walgreens COVID website were first discovered by Alejandro Ruiz, a consultant with Interstitial Technology PBC. He said: “Any company that made such basic errors in an app that handles health care data does not take security seriously.”
Recode told Walgreens of Ruiz’s findings, which two other security experts verified. Recode granted Walgreens time to fix the vulnerabilities before publishing the story, but Walgreens didn’t comply.
It was found that people’s sensitive data could be exposed to ad tracking websites. The platform’s vulnerabilities are an example of how a megacorporation promoted itself as a “vital partner in testing” that rushed out a testing registration platform that didn’t take privacy and security seriously.
When asked, Walgreens did not specify how long security vulnerabilities were present on its platform. There’s reason to believe the vulnerabilities began as early as July 2020. – READ MORE
Responses