How Walgreens’ sloppy Covid-19 test registration system exposed patient data

How Walgreens’ sloppy Covid-19 test registration system exposed patient data

https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability

Exploit: Misconfiguration

Walgreen’s: Drugstore Chain

Qualys-server-exploited-to-steal-financial-files-img2

Risk to Business: 1.336=Extreme Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer

Qualys-server-exploited-to-steal-financial-files-img2

Individual Risk: 1.217=Extreme Patient personal data exposed include each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.

Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


3 Essential Types Of Cyber Security Your Business Must HaveCLICK HERE!
+ +