Problem in Walgreens Mobile Application Secure Messaging Feature Exposed PHI

Walgreens began informing clients concerning the probable access of their protected health information (PHI) by other persons due to a mistake in the Walgreens mobile application, in particular, its personal secure messaging function.

The secure messaging function enables registered clients to be given SMS prescription refill messages and deals and vouchers. An undisclosed mistake in the application was discovered that granted other clients to access the data in its database.

Impacted clients were told that other people might have read a number of personal communications from January 9, 2020 to January 15, 2020. The personal communications may have contained patients’ first and last names, medicine name and prescription number, shop number, and delivery address. Walgreens stated that medical-related data was just exposed for some impacted clients. There was no financial data or Social Security number contained in the messages.

As per a breach notice filed at the California Attorney General on Friday, Walgreens discovered the mistake on January 15, 2020. Walgreens promptly disabled the accessing of messages to avoid any more not authorized disclosures while the incident investigation is ongoing. Walgreens stated that the problem was because of an internal application blunder and carried out a technical correction to take care of the matter.

The Walgreens mobile application has more than 10 million downloads from the Google Play store, yet the flaw merely affected a small number of clients. Based on the data breach report on the Department of Health and Human Services’ Office for Civil Rights breach website, the breach impacted 6,681 persons. The number of personal messages viewed by other clients because of the problem is uncertain.

Walgreens is going to perform more tests of the mobile application down the road prior to issuing any modified versions to make certain the updates will not affect client privacy.