25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Flaw in Walgreens Mobile App Secure Messaging Feature Exposed PHI

Posted By on Mar 4, 2020

Walgreens has started notifying customers that some of their protected health information may have been accessed by other individuals as a result of an error in the personal secure messaging feature of the Walgreens mobile app.

The secure messaging feature allows registered customers to receive SMS prescription refill notifications and deals and coupons. An undisclosed error in the app was identified that allowed certain information in its database to be viewed by other customers.

Affected customers have been advised that one or more personal messages may have been viewed by other individuals between January 9, 2020 and January 15, 2020. The personal messages included patients’ first and last names, drug name and prescription number, store number, and shipping address. Walgreens said health-related information was only exposed for a limited number of affected customers. The messages did not include any Social Security numbers or financial information.

According to a breach notice submitted to the California Attorney General on Friday, the error was detected by Walgreens on January 15, 2020. Walgreens immediately disabled message viewing to prevent any further unauthorized disclosures while the incident was investigated. Walgreens determined an internal application error was to blame and a technical correction was implemented to resolve the issue.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The Walgreens mobile app has been downloaded more than 10 million times from the Google Play store, but the error only impacted a small percentage of customers. According to the data breach summary on the Department of Health and Human Services’ Office for Civil Rights breach portal, 6,681 individuals were affected by the breach. It is unclear how many personal messages were accessed by other customers as a result of the error.

Walgreens will be conducting additional tests of the mobile app in the future before any updated versions are released to ensure updates do not impact the privacy of its customers.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist