How Walgreens’ sloppy Covid-19 test registration system exposed patient data – By Sara Morrison (VOX) / Sept 13 2021
Millions of people got Covid-19 tests through Walgreens. Their information wasn’t adequately protected.
Support from readers like you helps keep this article free. Help us hit our goal of adding 2,500 contributions by the end of September by giving today.
If you got a Covid-19 test at Walgreens, your personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect. In some cases, even the results of these tests could be gleaned from that data.
The data exposure potentially affects millions of people who used — or continue to use — Walgreens’ Covid-19 testing services over the course of the pandemic.
Multiple security experts told Recode that the vulnerabilities found on the site are basic issues that the website of one of the largest pharmacy chains in the United States should have known to avoid. Walgreens has promoted itself as a “vital partner in testing,” and the company is reimbursed for those tests by insurance companies and the government.
Alejandro Ruiz, a consultant with Interstitial Technology PBC, discovered the issues in March after a family member got a Covid-19 test. He says he contacted Walgreens over email, phone, and through the website’s security form. The company was not responsive, he says, which didn’t surprise him.
CONTINUE > https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability