News

Walgreens’ Patient Data Exposed Due to “Sloppy” COVID Test Registration System

Info of millions potentially exposed by system vulnerabilities, which remain unfixed

Published

3 years ago

September 14, 2021

VMSD Staff

Walgreens’ Patient Data Exposed Due to “Sloppy” COVID Test Registration System — iStock, tupungato

iStock, tupungato

The personal data of potentially millions of Walgreens patients who used the drugstore chain’s COVID-19 test registration system were exposed on the open web and available for collection by ad trackers, Recode reports.

The information includes names, dates of birth, gender identities, addresses, contact information, and in some cases, test results.

Multiple security experts said the vulnerabilities found on the site are basic issues that a company of Walgreens’ stature should have known to avoid. “Just the sheer number of third-party trackers attached to the appointment system is a problem, before you consider the sloppy setup,” Sean O’Brien, the founder of Yale’s Privacy Lab, told the outlet.

When Recode learned of the security problems and informed Walgreens, the outlet said it gave the pharmacy chain time to fix the security issues, but Walgreens did not do so.

“We regularly review and incorporate additional security enhancements when deemed either necessary or appropriate,” Walgreens said in response.

Read more at Recode.

VMSD Staff

Drawing on more than 125 years of history serving the retail design market, VMSD magazine provides retail professionals with the most up-to-date, innovative retail design ideas and industry news through its industry-leading magazine, website, social media channels and bulletins.