Medical Web Experts Security Bulletin: October 2021

Pablo Bullian

Posted on October 06, 2021

Walgreens’ Poor Security Measures Exposed Patient Data and Covid-19 Test Results

Patients who got a Covid-19 test at Walgreens, possibly as far back as July 2020, were vulnerable to data exposure due to subpar security measures. Patient Covid-19 test results and personal health information (PHI) were easily accessible from Walgreens’ test confirmation page to anyone with a 32-digit order ID number, a number that is easily generated.

Walgreens took a long time to fix this issue. When they finally did, they merely added a second authentication step, requiring the date of birth of the patient. Patient data is still potentially accessible to Walgreens’ advertising and analytics partners.

Medical Web Experts specializes in custom patient portal development that prioritizes safeguarding patient information. We build patient portals that fully comply with HIPAA regulations and employ advanced patient authentication methods.

The Number of Zero-Day Vulnerabilities Hits A New Record in 2021

Zero-day vulnerabilities are usually high-risk attack vectors that have no patch available. Attackers, such as ransomware gangs, typically use zero-day vulnerabilities to gain access to companies’ networks. In 2021, we reached a new peak in the number of reports of these vulnerabilities. This new record is a direct consequence of the rising numbers of financially motivated hacking groups. It’s crucial for organizations to keep up with news and advisories from trusted sources to mitigate the risk quickly when a zero-day sees the light of day.

Security Updates for Apple Devices and Google Chrome

This month, some very urgent patches were released and users were encouraged to update as soon as possible. The patches address an exploitation tool used by the NSO Group to hack Apple devices and a high-severity zero-day vulnerability in Google Chrome. As always, we at Medical Web Experts want to reinforce the idea of employing automatic security patching for devices and servers. Doing so will keep your devices from being exposed to known vulnerabilities.

Security Flaws Found in Canadian Covid-Passport App

A private Canadian Covid-19 passport mobile app, recommended by some sports associations for access to their stadiums, has been found to lack some basic security mechanisms. The current concerns are that fake data can be uploaded to the app, because the app does not conduct any real verification measures, and that the backend where the data resides is publicly accessible. In this new era, in which Covid-19 passports are becoming more common, software security should be prioritized in order to keep PHI protected and private.


Pablo Bullian

Pablo, our Chief Information Security Officer, architected and manages Bridge’s HIPAA-compliant hosting infrastructure. He is an Amazon Web Services (AWS) Certified Solutions Architect, Certified Information Systems Security Professional (CISSP), and Cisco Certified Network Associate (CCNA). Pablo has an M.S. in Cybersecurity from the University of Buenos Aires and he’s passionate about all things related to cybersecurity and cloud hosting.
