Walgreens' COVID-19 test registration system exposes patient data, IT pro says 

Listen

Vulnerabilities in Walgreens' website for booking COVID-19 tests put patients' personal information and health data at risk for being hacked, Vox's Recode reported Sept. 13. 

Seven things to know: 

1. Alejandro Ruiz, a cybersecurity consultant at Interstitial Technology PBC, told the publication he discovered Walgreens' cybersecurity issues in March after a family member got a COVID-19 test. He said he contacted Walgreens over email, phone and through its website multiple times, but the pharmacy company did not respond. 

2. Walgreens' COVID-19 test appointment registration system, which anyone who wants to get a test from Walgreens must use, prompts the patient to fill out and submit a form. The patient then gets a unique 32-digit ID number and an appointment request page is created for them, which has the unique ID in the URL. 

3. Anyone who has a link to the appointment request page can see the patient's information on it, the security experts told Recode. Whoever has the link and goes to the webpage does not need to authenticate that he or she is the patient or log into an account. 

4. Patients' individual pages then remain active for at least six months and store the following information: name, gender identity, phone number, address and email, among other data. 

5. Recode said it informed Walgreens of the security vulnerabilities, but the issues haven't been remedied. In a statement to the publication, Walgreens said: "We regularly review and incorporate additional security enhancements when deemed either necessary or appropriate." 

6. Walgreens did not disclose how long its testing registration platform has had the vulnerabilities. It has offered COVID-19 tests since April 2020. 

7. Walgreens also told the publication that it is a "top priority" to protect its patients' personal data, but that the company also has to balance the need to secure information with making COVID-19 testing "as accessible as possible for individuals seeking a test."

 

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars