Walgreens notified customers last month of a personal data breach that occurred in January stemming from its mobile app. The company indicated that it took steps to remedy the problem once discovered, but that health information for a “small percentage of the total users who were affected” was leaked.
According to ZDNet, “The Walgreens Android app lists more than 10 million downloads on the Google Play Store.”
A recent Cyberhedge Cyber Governance Alert on Rite Aid tells a similar tale of a breach borne out of the role of digital technology in the company’s growth strategy:
- Patient medical data is the highest-value data Walgreens and any retail pharmacy has to protect—and it is central to the viability of the medical prescription business that drives the company’s revenues and margins.
- A digitalization push by retail pharmacies, including Walgreens, means more complex networks with a large threat surface relative to owning a high-value asset for hackers: medical data.
Walgreens has been a poster child for digital transformation in the retail pharmacy sector, including a high-profile partnership with Microsoft. On the plus side, tools like a mobile app have helped Walgreens increase pharmacy revenue, and the company has highlighted its investment in IT as part of the company’s growth strategy. But, this comes with downside financial risk and requires Walgreens to balance growth with security to better protect its most valuable (for the market) and sought after (for hackers) asset. This should be an area of focus for the board, C-suite and investors.