This week and into next week, chain pharmacies around the United States widely anticipate starting to offer coronavirus vaccinations. The initial rollout will begin with 6,500 pharmacies and other retail sites. They will collectively release 1 million doses. As the vaccine supply increases, the program will eventually expand to 40,000 pharmacies and they will distribute many more million doses of the vaccine. More than 20 major pharmacy chains anticipate delivering shots to consumers.
Some experts worry about cyber criminal plans to leverage bots in mass-reserving vaccine appointment slots, then reselling them to the public. These types of bots, known as “scalper bots”, are able to sweep up limited supplies of high-demand goods, from theater tickets to electronics, within milliseconds of their release.
Late last year, scalper bots snatched up PlayStation consoles, contributing to their scarcity in physical stores and on reputable online sites. Many of these products were ultimately found on online auction sites, selling for high markups.
Bots beware: CVS and Walgreens are ready
In response to this concern, a spokesperson from CVS stated “Our vaccination appointment site has a layered defense that includes capabilities to detect automated cyber attacks, such as botnets”.
Walgreens responded to an inquiry with, “We recognize during these unprecedented times cybersecurity threats pose a constant risk…We currently have a team of subject matter experts across the company focused on planning and preparing for the delivery of Covid-19 vaccinations to the general public, once available, which includes my Information Security team.
The Walgreens team is working to ensure only authorized and eligible patients will have access to schedule a vaccine appointment. To do so, security measures such as Bot Detection and Prevention will play key roles in delivering this critical service to patients.”
Other organizations that intend to distribute vaccines en-masse should devise plans to stay ahead of bot-related threats. Infrastructure and intelligence will be critical.
Botnets are boring, this threat worse
A larger threat stems from phony vaccine appointment registration sites. These types of sites could pilfer a person’s credit card details and other sensitive personal information. All of this data could be illegally sold on the dark web for profit.
For more information on vaccine scams, visit the BBC.
PS. Need info about scheduling a vaccine appointment?
According to USA Today, appointments at local CVS pharmacies can be arranged via CVS.com or through the CVS Pharmacy app. Walgreens appointments should be scheduled via Walgreens.com/ScheduleVaccine. Other pharmacies, from Rite Aid, to Hy-Vee, to Albertsons, to Costco, to Health Mart, plan to distribute vaccines as well. Find information for your state here.