Walgreens’ Patient Data Exposed Due to “Sloppy” COVID Test Registration System

The personal data of potentially millions of Walgreens patients who used the drugstore chain’s COVID-19 test registration system were exposed on the open web and available for collection by ad trackers, Recode reports.

The information includes names, dates of birth, gender identities, addresses, contact information, and in some cases, test results.

Multiple security experts said the vulnerabilities found on the site are basic issues that a company of Walgreens’ stature should have known to avoid. “Just the sheer number of third-party trackers attached to the appointment system is a problem, before you consider the sloppy setup,” Sean O’Brien, the founder of Yale’s Privacy Lab, told the outlet.

When Recode learned of the security problems and informed Walgreens, the outlet said it gave the pharmacy chain time to fix the security issues, but Walgreens did not do so.

“We regularly review and incorporate additional security enhancements when deemed either necessary or appropriate,” Walgreens said in response.

Read more at Recode.