Vox said the issues stem at least as far back as July 2020 but could potentially trace back to April 2020. Anyone signing up for a test with the pharmacy as of Wednesday will be similarly exposed.
Test Data Exposed
Vox’s Recode published an alarming report Monday that accuses Walgreens of exposing and failing to protect the personal data of millions who signed up for COVID-19 tests through its “sloppy” registration system.
That exposed data reportedly includes people’s name, birthday, gender identity, phone number, address, email information, and in some cases, even their test results. All of this “was left on the open web for potentially anyone to see and for the multiple ad trackers on Walgreens’ site to collect,” Recode reporter Sara Morrison said in the article, published Monday.
According to Morrison, the exposed data potentially stretches as far back as April 2020, which is when Walgreens first began offering COVID-19 tests, but it definitively traces back at least to July 2020 given Recode’s findings.
The Issue Involves Test Confirmation Links
Security experts cited by Morrison said the vulnerabilities are basic issues that Walgreens, one of the largest pharmacy chains in the country, should have known how to prevent.
Essentially, anyone with a link to an appointment confirmation can view the full confirmation. There’s no need to log in or authenticate your identity any other way.
To make the situation even easier for bad actors, the links used to confirm appointments are exactly the same minus a unique patient ID contained in what’s called a “query string.” With millions of tests confirmed, it’s not hard for a hacker or a bot to start finding active pages, though a Morrison noted, it would be “close to impossible” to find a specific person through this method.
Still, it’s not totally impossible to find a specific person. If a patient views their confirmation link on a shared computer, such as one at work or a public library, anyone with the ability to check that computer’s browser history can click on the link and reap the person’s information.
“Security by obscurity is an awful model for health records,” Sean O’Brien, founder of Yale’s Privacy Lab, told Recode.
Walgreens Has Not Fixed the Issue
Even after one tech consultant discovered the issue in March and pointed it out to Walgreens multiple times, the company seemingly did nothing, according to Morrison.
From there, Recode said it informed Walgreens of the findings again and even gave it “time to fix the vulnerabilities before publishing” its piece, but once again, the company failed to do anything.
As of right now, anyone scheduling a COVID test with Walgreens appears to be at the same level of risk as those who previously registered. Not only is that a concerning privacy issue, but it could also discourage many from getting tested.
In statements to several outlets, Walgreens has not directly addressed the security concerns. For example, it only told Fox Business that it “routinely evaluate[s] our technology solutions in order to provide safe, secure, and accessible digital services to our customers and patients.”
For those seeking COVID tests and potentially discouraged by this news, it is important to remember that Walgreens isn’t the only pharmacy chain offering free tests. Cities and counties across the country are also continuing to offer free testing sites amid a spike in cases caused by the Delta variant.
See what others are saying: (Recode) (Fox Business) (Reuters)
China Decrees All Crypto-Related Transactions Illegal
The announcement has led to significant sell-offs in the crypto market, though many analysts expect those sell-offs to be short-term.
Crypto Is Illegal in China
China’s central bank announced on Friday that all cryptocurrency-related transactions are illegal.
“Virtual currency-related business activities are illegal financial activities,” the People’s Bank of China said, adding that cryptocurrency “seriously endangers the safety of people’s assets.”
In 2019, China officially banned crypto trading through its domestic exchanges as a way to suppress money laundering, but since then, it has also worked to restrict people in the country from continuing to trade using online foreign exchanges.
In May, China barred banks and other financial institutions from providing crypto-related transaction services while warning traders that it would not protect them against speculative trading.
The following month, the province of Sichuan banned crypto mining, which in turn lead to some miners leaving the country. To prove it was serious on its crackdowns, the People’s Bank even ordered one company to shut down in July due to suspicions that it was “providing software services for virtual currency transactions.”
China’s new decree fully outlaws all online foreign exchanges from offering services in the country. Further, anyone in China who participates in crypto-related activities will be prosecuted.
The country will also now gradually phase out domestic mining operations, and from this point forward, it will no longer allow new operations to pop up. Between Sept. 2019 and April this year, China fell from accounting for 76% of the world’s Bitcoin energy use to 46%.
Crypto Fears Induce Sell-Off
Major digital currencies such as Bitcoin and ether tumbled after China’s latest decision.
On Friday, Bitcoin, which has never been a stranger to volatility, fell from a 24-hour high of $45,000 to a 24-hour low of $40,800. Meanwhile, ether, the world’s second-largest virtual coin, fell from nearly $3,200 to below $2,800 within the same time frame.
Still, many analysts expect the sell-offs to be short-term given that additional crypto crackdowns by China were already expected.
Many crypto holders in the country are also worried that their investments will now be forever frozen by China.
“I have already received over a dozen messages – email, phone and encrypted app – from Chinese crypto holders looking for solutions on how to access and protect their crypto holdings in foreign exchanges and cold wallets,” David Lesperance, a Toronto-based attorney who works in the international crypto trading sphere, told CNBC on Friday.
“Along with not being able to do anything with an extremely volatile asset, my suspicion is that… the Chinese government will ‘offer’ them in the future to convert it to e-yuan at a fixed market price,” he added.
Currently, China is one of many countries which has announced plans to develop and launch a digital version of its currency.
NY Gov. Says State Will Seek To Replace Some Unvaccinated Staff With Foreign Workers
The effort is aimed at addressing job shortages in the healthcare industry, which will only become worse next week when medical facilities in the state can begin terminating unvaccinated workers.
NY To Terminate Unvaxxed Medical Staff
Starting Monday, medical facilities in New York state will be allowed to terminate any healthcare workers who haven’t already received at least one COVID-19 vaccine shot.
According to data compiled by the state’s Health Department, 19% of hospital workers and 18% of nursing home workers were unvaccinated as of Sept. 15.
Given that nearly one in five people in the state’s healthcare workforce are unvaccinated, mass terminations could exacerbate problems in a field that is already struggling with job shortages.
Because of that, Gov. Kathy Hochul (D), who assumed the position last month following the resignation of Andrew Cuomo, said New York is currently “reaching out to the Department of State to find out about visas for foreign workers, on a limited basis, to bring more nurses over here.”
Hochul added that the state is also “working closely with various hospital systems to find out where we can get other individuals to come in and supplement places like nursing homes.”
For now, a clear answer seems uncertain as New York tries to navigate the difficult task of ensuring that healthcare facilities are adequately staffed while also not allowing unvaccinated workers to potentially spread COVID.
Staffers who claim religious exemptions to the vaccine will be able to avoid the deadline and continue working until at least Oct.12, but it’s also possible that their formal challenge could fail in court after that day. Many of those bucking against the requirement are Catholic and oppose the use of “aborted fetal cell lines” that helped develop the vaccine, despite the U.S. Conference of Bishops and Pope Francis both endorsing the vaccine.
Medical Facilities Fear Shutting Down Over Employee Shortages
Employee shortages have been hitting every sector of the workforce in recent months, but one area where shortages are proving to be particularly disastrous is healthcare.
According to data published this month by the American Health Care Association and National Center for Assisted Living, “86% of nursing homes and 77% of assisted living providers [surveyed] said their workforce situation has gotten worse over the last three months.” Around 50% of both types of facilities indicated that staffing issues have gotten “much worse.”
The same survey found that “nearly every nursing home (99%) and assisted living community (96%)” in the country is currently facing a staffing shortage, which is leading to nearly all workers taking on overtime or extra shifts. As a result, many facilities have had to limit admissions.
Perhaps even more concerning is that 78% of nursing homes and 71% of assisted living communities are worried these shortages might force them to close.
Around 70% of both types of facilities said they believe the staffing shortages are due to a lack of interested or qualified candidates, coupled with unemployment benefits discouraging people from work. The next greatest cause of the shortages was the loss of staffers due to vaccination requirements, which was indicated by about 40% of respondents.
See what others are saying: (Axios) (New York Post) (ABC Rochester)
Couple Kicked Out of Texas Restaurant for Wearing Masks Out of Concern for Immunocompromised Son
While the pair has been met with widespread support online, they’ve also had to defend themselves from critics who slammed them for going out to a restaurant in the first place.
Texas Restaurant Sparks Outrage With Face Mask Ban
A couple in Texas said they were forced to leave Hang Time Bar & Grill earlier this month after refusing to comply with the owner’s ban on face masks.
Natalie Wester and her husband Jose Lopez-Guerrero went out to meet friends at the restaurant in Rowlett on Sept. 10. They told NBC’s TODAY this was a rare date night for them since they are new parents to a four-month boy who has cystic fibrosis.
The pair wore their masks out in public to be as safe as possible with their son in mind as he stayed home with his grandmother that night.
According to a Facebook post from Wester, they were immediately asked to take down their face coverings when entering the restaurant. Because the music was loud, they assumed it was related to staff checking their IDs, so they put their masks back on and went to order. After ordering, Wester said a waitress came over to tell her, “Our manager sent me over because I’m nicer than he is. And yes, this is political.“
“She then told me that masks are not allowed in their building, and they can make the rules because they are [a] private business,” Wester wrote in her post. “She said that the mask ‘doesn’t work, is like using a chain-link fence to keep out mosquitoes, and doesn’t give people enough oxygen.'”
Wester allegedly explained that they were wearing masks out of concern for their immunocompromised baby at home. However, she was reportedly told there was no other option and that they would have to close out their tab if they didn’t comply.
Because the couple didn’t want to make a scene or ruin their friends’ night, they decided to go home and wrote about their experience on Facebook, which they also left as a review on the restaurant’s page. It, of course, went viral.
Owner Stands by Policy
Since then, the owner of the restaurant, Thomas Blackmer, has admitted on Facebook and to reporters that he doesn’t allow masks inside his business.
He told The Washington Post that he implemented the ban in April because he doesn’t think masks stop COVID from spreading and believes criminals can use them to get away with a robbery, theft, or vandalism in a place where his two adult children work.
“I’m not doing things that put them at risk,” he added.
He has also reportedly shared anti-vax and anti-mask content on social media.
After news of this incident spread, Blackner was was hit with a flood of backlash both over the phone and online. He claims he even had to move from his Dallas apartment into one he’d already rented but hadn’t moved to after he was doxxed on Twitter.
Still, he is not backing down on his stance. “This is right,” he told The Post, “and if we don’t have a business next week, we’ll be fine.”
Meanwhile, the couple at the center of this story has also faced backlash from people who asked why they went out in the first place. Many are digging through their social media posts to call them out about any other times they were spotted without a mask or at a large gathering.
For example, strangers found a photo of Wester not wearing a mask in August while taking her mom to see a Chris Stapleton concert. Wester told The Post she wore a mask inside the venue until they got to their seats and decided to take some pictures.
The couple has also responded by noting that their son’s doctors have encouraged them to still live their lives, telling TODAY that they “just advised us to be a little extra cautious when we’re going out and use our brains and make decisions as we feel appropriate, and that’s why we left.”
Wester additionally argued that photos of her without masks or at events don’t negate any part of their experience at this specific establishment.
“Tom has stated that he does not care for masks nor believes that they work,” she told The Post. “I am confused why me wearing one (or not wearing one) in any setting would matter to them?”