Patients who got a Covid-19 test at Walgreens, possibly as far back as July 2020, were vulnerable to data exposure due to subpar security measures. Patient Covid-19 test results and personal health information (PHI) were easily accessible from Walgreens’ test confirmation page to anyone with a 32-digit order ID number, a number that is easily generated.
Walgreens took a long time to fix this issue. When they finally did, they merely added a second authentication step, requiring the date of birth of the patient. Patient data is still potentially accessible to Walgreens’ advertising and analytics partners.
Medical Web Experts specializes in custom patient portal development that prioritizes safeguarding patient information. We build patient portals that fully comply with HIPAA regulations and employ advanced patient authentication methods.
Zero-day vulnerabilities are usually high-risk attack vectors that have no patch available. Attackers, such as ransomware gangs, typically use zero-day vulnerabilities to gain access to companies’ networks. In 2021, we reached a new peak in the number of reports of these vulnerabilities. This new record is a direct consequence of the rising numbers of financially motivated hacking groups. It’s crucial for organizations to keep up with news and advisories from trusted sources to mitigate the risk quickly when a zero-day sees the light of day.
Security Updates for Apple Devices and Google Chrome
This month, some very urgent patches were released and users were encouraged to update as soon as possible. The patches address an exploitation tool used by the NSO Group to hack Apple devices and a high-severity-rated zero-day vulnerability for Google Chrome. As always, we at Medical Web Experts want to reinforce the idea of employing automatic security patching for devices and servers. Doing so will keep your devices from being exposed to known vulnerabilities.
A private Canadian Covid-19 passport mobile app, recommended by some sports associations to access their stadiums, has been found to lack some basic security mechanisms. The current concerns are that fake data can be uploaded to the app, as the app does not conduct any real verification measures, and that the backend where the data resides is publicly accessible. In this new era, in which Covid-19 passports are becoming more common, software security should be prioritized in order to keep PHI protected and private.