Medical Web Experts Security Bulletin: October 2021

Pablo Bullian

Posted on October 06, 2021

Walgreens’ Poor Security Measures Exposed Patient Data and Covid-19 Test Results

Patients who got a Covid-19 test at Walgreens, possibly as far back as July 2020, were vulnerable to data exposure due to subpar security measures. Patient Covid-19 test results and personal health information (PHI) were easily accessible from Walgreens’ test confirmation page to anyone with a 32-digit order ID number, a number that is easily generated.

Walgreens took a long time to fix this issue. When they finally did, they merely added a second authentication step, requiring the date of birth of the patient. Patient data is still potentially accessible to Walgreens’ advertising and analytics partners.

Medical Web Experts specializes in custom patient portal development that prioritizes safeguarding patient information. We build patient portals that fully comply with HIPAA regulations and employ advanced patient authentication methods.

The Number of Zero-Day Vulnerabilities Hits A New Record in 2021

Zero-day vulnerabilities are usually high-risk attack vectors that have no patch available. Attackers, such as ransomware gangs, typically use zero-day vulnerabilities to gain access to companies’ networks. In 2021, we reached a new peak in the number of reports of these vulnerabilities. This new record is a direct consequence of the rising numbers of financially motivated hacking groups. It’s crucial for organizations to keep up with news and advisories from trusted sources to mitigate the risk quickly when a zero-day sees the light of day.

Security Updates for Apple Devices and Google Chrome

This month, some very urgent patches were released and users were encouraged to update as soon as possible. The patches address an exploitation tool used by the NSO Group to hack Apple devices and a high-severity zero-day vulnerability in Google Chrome. As always, we at Medical Web Experts want to reinforce the idea of employing automatic security patching for devices and servers. Doing so will keep your devices from being exposed to known vulnerabilities.

Security Flaws Found in Canadian Covid-Passport App

A private Canadian Covid-19 passport mobile app, recommended by some sports associations for access to their stadiums, has been found to lack some basic security mechanisms. Current concerns are that fake data can be uploaded to the app, as the app does not conduct any real verification measures, and that the backend where the data resides is publicly accessible. In this new era, in which Covid-19 passports are becoming more common, software security should be prioritized in order to keep PHI protected and private.


Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Medical Web Experts’ HIPAA-compliant hosting infrastructure. He is a Certified Information Systems Security Professional (CISSP), Amazon Web Services (AWS) Certified Solutions Architect, and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
