https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability
Exploit: Misconfiguration
Walgreen’s: Drugstore Chain
Risk to Business: 1.336=Extreme Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer
Individual Risk: 1.217=Extreme Patient personal data exposed include each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
