Walgreens’ Covid-19 test registration system exposed patient data of millions of people who got Covid-19 tests through Walgreens.
The personal data — including your name, date of birth, gender identity, phone number, address, and email — was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect.
However, Walgreens added an authentication screen to its Covid-19 test confirmation pages, making it mandatory for anyone who wants to access them to enter the patient’s date of birth first.
Source: https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability
TPRM report: https://scoringcyber.rankiteo.com/company/walgreens
{
  "id": "wal221827123",
  "linkid": "walgreens",
  "type": "Data Leak",
  "date": "09/2021",
  "severity": "85",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'customers_affected': 'Millions',
                        'industry': 'Healthcare',
                        'name': 'Walgreens',
                        'type': 'Pharmacy'}],
 'attack_vector': 'Open Web Exposure',
 'data_breach': {'number_of_records_exposed': 'Millions',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal Data'},
 'description': 'Walgreens’ Covid-19 test registration system exposed patient '
                'data of millions of people who got Covid-19 tests through '
                'Walgreens. The personal data — including your name, date of '
                'birth, gender identity, phone number, address, and email — '
                'was left on the open web for potentially anyone to see and '
                'for the multiple ad trackers on Walgreens’ site to collect.',
 'impact': {'data_compromised': ['Name',
                                 'Date of Birth',
                                 'Gender Identity',
                                 'Phone Number',
                                 'Address',
                                 'Email'],
            'systems_affected': 'Covid-19 Test Registration System'},
 'response': {'containment_measures': 'Added authentication screen to Covid-19 '
                                      'test confirmation pages',
              'remediation_measures': 'Made it mandatory to enter the '
                                      'patient’s date of birth first'},
 'title': 'Walgreens Covid-19 Test Registration System Data Exposure',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of Authentication'}