• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Walgreens Exposed COVID Patient Registration Data

Walgreens Exposed COVID Patient Registration Data

2021-09-16 by Michelle Dvorak

Walgreens Data Breach

Sensitive personal test info left exposed online

Walgreens allegedly left the personal details of patients who took COVID-19 tests at their pharmacies exposed to the public. The data leak affects millions of patients who used Walgreens; COVID-19 testing services.

The highly sensitive patient information was left exposed online for anyone to see.

Walgreens is the second-largest pharmacy chain in the United States with over 9,000 locations. Walgreens also owns Duane Reed and Boots. The chain is second only to CVS.

READ United Nations Confirms Data Breach

“Multiple security experts told Recode that the vulnerabilities found on the site are basic issues that the website of one of the largest pharmacy chains in the United States should have known to avoid,” says a post on Recode.

READ Colonial Pipeline Ransomware Attack Caused Data Breach

Exposed personal data includes:

  • Patient name
  • Birthdate
  • Gender
  • Phone number
  • Address
  • email address
  • Order ID
  • Name of the lab

Some COVID-19 test result data was also exposed.

The cause of the security vulnerability was the Walgreens appointment registration system. When someone completes the patient registration form and submits it online, they received a 32 digit ID assigned to them with their appointment request.

The identification number was also used as part of the website URL to access their patient information. No login credentials were required to see the patient data or test results.

The problem is that URL to see any patient’s information is the same. You can guess at it by tacking on the ID number. If you randomly guess someone’s registration number, you can see anyone’s private registration information.

READ T-Mobile Data Breach Tally Now Stands at 54 Million Customers Breached

That means anyone can randomly guess at the ID numbers and see someone’s patient information. it also means that anyone with access to your web browser history can see your COVID-19 registration information and possibly test results. This is especially concerning for anyone who registered for a test on a public computer or at work.

“Walgreens told Recode that it was a top priority to protect its patients’ personal information, but that it also had to balance the need to secure information with making Covid-19 testing “as accessible as possible for individuals seeking a test.”

Walgreens has not fixed this security vulnerability according to Recode.

Filed Under: News

About Michelle Dvorak

Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers


LinkedInTwitterFacebook

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version