A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones s medical situation. CVS Health is the parent company behind multiple household brands, including the CVS Pharmacy retail pharmacy chain; CVS Caremark, a pharmacy benefits manager; and Aetna, a health insurance provider. The records also contained the data types Visitor ID and Session ID, indicating the items that visitors searched for.
Source: https://threatpost.com/cvs-health-records-billion-customers-exposed/167011/