Exploit: Misconfiguration
Walgreen’s: Drugstore Chain
Risk to Business: 1.336=Extreme
Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer
Individual Risk: 1.217=Extreme
Patient personal data exposed include each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.
Source: vox