I Received Someone Else's COVID Results and Personal Information

Road Schooled by Joe Trey: AKA Adventure Hermit

https://img.particlenews.com/image.php?url=0WNoCj_0YXz7yMb00

Photo by @MargJohnsonVA via Twenty20

Receiving Someone Else's Test Results

After being tested, I received account access, results, and personal information for someone else COVID testing. I do not want to discourage anyone from getting tested. It is a valuable service. I hope what I provide below will help individuals navigate the testing process and protect their personal information. Furthermore, I hope Covid Check Colorado and Primary Bio (whom I've been unable to reach) use this information to improve ASAP.

Colorado Testing Services

https://img.particlenews.com/image.php?url=3OSAYQ_0YXz7yMb00

Photo by @alinabuzunova via Twenty20

Covid Check Colorado and Primary Bio are leading the testing efforts in Colorado. The testing locations seem to be running smoothly. However, the technology supporting these systems seems to put speed above privacy concerns. It is evident the race amongst tech companies to profit from testing by securing state contracts puts patient security at risk.

I've made attempts to reach Covid Check Colorado and Primary Bio in the past ten days. Multiple emails and phone calls have gone unanswered by both agencies. In most cases, the calls go directly to voicemail even before the first ring. I have not received confirmation of the email were received. Nor have I received any response. 

The experiences described below are what happened to me personally. Others may have different experiences. By sharing what happened, I hope to help others—especially those not technically savvy and able to navigate their way safely through the existing systems.

This report began when my wife could not access the COVID account she established for our daughter. Multiple attempts to retrieve login information failed. A reset link never arrived.

The one time we did reach support, they were able to send her a link. However, each time she attempted the reset, it failed with an invalid email message. An invalid email error is odd since it is the email support used to send her a reset link.

Attempts to re-register (using her email address) reported that the email was already in use — The same email that was invalid? She was caught in an endless loop, with no support. That forced her to create a second account.

The Testing Experience

https://img.particlenews.com/image.php?url=13043i_0YXz7yMb00

Courtesty of Envato Elements. Used by Permission

Our daughter's school recently informed of potential exposure to someone who tested positive for COVID. She would need to be tested and receive a negative result before she could return to school. She was nervous but bravely went. She was the first person in our family to get tested. She did great, and the onsite crew at Cherry Creek High School was top notch! Everyone there helped to ease her concerns.

My wife and I wanted to show her our support, so we decided to sign up and get tested as well. We took advantage of the drive-up service — not even having to get out of our car. When we arrived, my wife leaned out one window, and I the other. We challenged each other not to sneeze as the cotton swab sticks swirled around inside our nostrils. We felt like a Dairy Queen Blizzard. Our eyes watered, but the process was painless and straightforward. 

COVID Testing is Important, But Speed Should Not Negate Privacy

After completing my test, I received a text later that evening. What I thought was a follow-up turned out to be an appointment for the following day. I clicked on the link and was surprised to see the personal information belong to a woman in a neighboring town. Her name, QR code, and COVID Testing ID all appeared. Nearly everything I needed to access her account.

When you register for testing, you create an account with a user name and password. However, you only need the COVID Account Code, Last name, and Date of birth to see any person's test results. Login is not required. Additionally, the code arrives in a non-encrypted URL. Something even low-level hackers could easily acquire. 

This breach in security piqued my curiosity. In less than 10 seconds, the information sent to me from Primary Bio told me everything. I knew where this woman lived, her phone number, email addresses, place of employment. Additionally, I saw the all-important birthday, giving me full access to her test results. 

How Did This Happen?

From my Google search, I determined that our phone numbers are identical except for one digit. The two numbers are next to each other on a keypad. It appeared to be an easy mistake. Regardless, the verification system failed to account for it. 

There is no delay between forwarding this personal information and the system waiting to verify a phone number. The system should wait for verification before sending any personal information. That is an expectation that any user would assume is in place. 

Protecting Yourself: Navigating the Systems Step by Step

https://img.particlenews.com/image.php?url=01Wvel_0YXz7yMb00

Image by fernando zhiminaicela from Pixabay

As of 2/4/2021, this information is accurate. I have walked several people through this process. I provide these findings to help others—especially those who may give up out of frustration.

REGISTERING or LOGGING IN

  1. Log in to Covid Check Colorado
  2. Select GET MY TEST to Continue. You must do this, even if you previously registered. There is no login option on this page.
  3. On the next page, select Register Myself. Again, even if you have previously registered. 
  4. On the third page, a login option is finally presented.

 Bookmark the last page for easier access later. Once you logout, there is no login option on Primary Bio's page. Primary Bio's page only has an ADMIN Login. There are no registration or login options for individuals.

Login Failures

Portal access continues to fail. I've tested using Safari, Chrome, and Firefox from multiple computers. Invalid email or password errors continuously occur. If reset is successful, it rarely lasts longer than a single login attempt. 

Unexplainably, not login out seems to retain credentials. I cannot say for sure if logging out is adding to the problem. But there does seem to be some connection. Logging in from text links most often works on mobile devices. 

Confirming Your Registration Before Testing is Vital

The system has a verification process for your email and phone number. Be sure you enter this information accurately and verify both before continuing. If you do not receive both confirmations, double-check your phone and email. 

No matter how many times my wife requested the email confirmation, it never came through. Her work address was successful, but her YAHOO account was not. Unfortunately, my wife's first account remains inaccessible. 

Password login is not required to view results — more on that in a moment. However, without access, we cannot view our daughter's account or schedule follow-ups. 

Viewing Your Results

https://img.particlenews.com/image.php?url=2wH4W5_0YXz7yMb00

Photo Courtesty of Envato Elements. Used by Permission.

After testing you should receive a text and email with a link to your results. I provided and verified my email but never received emailed results, only a link through text. If you cannot print from your phone, you can email yourself a screenshot of the results. Also, if you can access the portal, you can see the results there.

After viewing your results on a webpage, there is no logout option. Only an option to schedule a follow-up. When selecting this option, it often fails with a confusing error: "Member already has been claimed."

If you receive this error, scroll down to find the login option. Each time I attempted to access the portal, I had to reset my password. I could use the previous password, but I've had to go through the reset process every time.

A Please to Service Providers and State Agencies

COVID has created a profitable market. That is expected, but people are not widgets. A simple, functioning and secure system is a right that everyone impacted by this pandemic deserves. Tech companies have a responsibility to fulfill this obligation. 

Read full story in "NewsBreak" App

Comments / 0

Published by

Joe Trey is the Adventure Hermit! A moniker fitting of his ambivert nature. Visions of rock stardom drove him to get a BFA in music from the University of Connecticut. Not long after, he abandoned his dreams of NYC and relocated to the Rocky Mountains! He has drunk the occasional "toe." When in Dawson, one might say. Don't ask. Or do! His work and love of travel have brought him nearly around the world. Writing, Hiking, Camping, Music, Motorcycles get him up and out each day. Hugging his wife and teenage daughters at night, bring him home! Not a tortoise, not a hare (but a bit hairy in all the wrong places), Joe only competes with himself. Through his writing and adventures, he encourages others to do the same!

Colorado State
187 followers

More from Road Schooled by Joe Trey: AKA Adventure Hermit

Aurora, CO

Three Injured as Floor Collapses at House Party

Firefighters Outside Collapsed Floor at House PartySouth Metro Fire. Last night, around 9:30 PM, a house party at E. Princeton Pl. in Aurora resulted in a large section of floor collapsing under the weight of teenagers attending a house party. Various reports state the number in attendance to be anywhere from 150 to 300 students from three schools, Grandview, Smoky Hill, and Eaglecrest. Videos on Snapchat show people having a good time jumping and singing. As the floor collapses, an adult appears to sleep nearby. A moment later, several teens fell into the basement below while others clung to the edges of the collapsing floor.

Read full story
Denver, CO

Denver International Airport $170 Million Upgrade!

"Blucifer" as the Blue Horse is affectionally known by ColoradansEric Golub. This Friday, I head to Denver International Airport, DIA, to those in the know. I am slightly intrigued by the unique flying experience I'm about to expect as a first-time Allegiant flyer. But I am more excited about the "little "$170 million line item that is part of DIA's $770 million master plan.

Read full story

Venmo for Business is Finally Here. But is it Right For You?

Venmo for Business is Finally Here. Do you have a small business or Side Hustle and always dreamed of taking credit cards, but the process seemed too complicated? Well, it looks like VENMO is finally here to change all that.

Read full story

Can there Actually Be More than One World's Best Dad?

It's a pretty crummy day outside, but I still want to go for a walk. I contemplate putting on a hat that I received from my daughter, Nya. I love her, but I have a problem wearing it out of the house. I could easily blame it on my oversized head. Or the hats, somewhat over-ambitious, and falsely stated "one-size fits all" label. But, it will most likely go unworn because of what it says above the brim. "World's Best Dad."

Read full story

How a Sneeze Almost Lead to Falling in Love with a Girl in Germany

The sneeze gets a bum wrap in a world consumed by COVID. It was once the cupid of bodily functions. Bringing strangers together. Often eliciting smiles from the most unyielding of scowls. An authorized, unsubstantiated and likely unconfirmed study estimates nearly 68.2% of all successful marriages began with a sneeze. A moment when one stranger said "bless you" to another. (*citation required and likely not forthcoming)

Read full story
Aurora, CO

Surviving COVID Snow Days: The Joy of Whiskey, Coffee and Chris Stapleton:

Photo Licensed through Envato Elements. The video may have killed the radio star, but COVID killed the Snow Day. A sacred day for school children around the world. Remote learning has abolished the once treasured freebie of a day.

Read full story

Is it Time to Say Yes to Living? Avoiding the Un-Lived Life

"Time is like a river. You cannot touch the same water twice because the flow that has passed will never pass again. Enjoy every moment of life." — Unknown. What does it mean to be stuck? In its simplest form, being stuck means knowing what you want. But not knowing how to get it. It can happen in relationships, jobs, or just a general feeling of dissatisfaction as you fall asleep or when you wake up. It can feel debilitating. However, you can also be stuck and not know it. Perhaps you are in a rut? Or maybe you have sunk so far into your routine that you neglect to notice life passing you by like a river.

Read full story
Colorado State

Black History Month in Colorado: Past, Present and the Future

Black History Month isn't relegated to the shortest month of the year, as some have claimed. The problem is our misinterpretation that it is the only time of year to celebrate Black History. Instead, it should be seen as a launching point. The month is meant for reflection. What we learn is intended to be carried forward throughout the year to create a more comprehensive history.

Read full story

YMCA's Mountaineering Month Continues : Affordable Getaway with the Family

Are you looking for a family getaway? Something remote and safe with tons to do? Consider a trip to the YMCA of the Rockies. February is a great time to take advantage of discounted pricing and Special Mountaineering Month Activities!

Read full story

Anti-Valentiners Unite: Singles Awareness Day Turns 15 in 2021. Or Does It?

Broken Heart Cookie via Envato Elements — Used by Permission. Quenching the thirst of the lonely since approximately 2005, February 15th is the 15 anniversary of Singles Awareness Day. If you're thinking to yourself, "that's a lotta 5's," you'd be right. But if you believe the accuracy of the date, you're only partially on the right track. February 15th is the antithesis of Valentine's day. Scientifically proving that every rose indeed has its thorn.

Read full story

Cupid's Dilemma: Love, Death, and Cold Hard Cash!

Before the baby known as Cupid took over Valentine's Day, he was initially brought forth around 700 BC, as Eros. According to Greek legend, he was more powerful than a God. Named after the Greek word for desire. The son of Aphrodite, the goddess of love.

Read full story

Hank, Herbie, and Natalie : Connections in History Episode 3 : Special Black History Month Edition

Today we examine connections between significant moments on February 5. Natalie Cole (dbking, CC BY 2.0, via Wikimedia Commo), Herbie Hancock(John Mathew Smith & www.celebrity-photos.com from Laurel Maryland, USA, CC BY-SA 2.0, via Wikimedia Commons) & Hank Aaron (Kingkongphoto & www.celebrity-photos.com from Laurel Maryland, USA, CC BY-SA 2.0, via Wikimedia Commons.

Read full story

Dustin “Screech” Diamond Dies at 44 from Stage 4 Cancer

Rob DiCaterino from Clifton, NJ, USA, CC BY 2.0, via Wikimedia Commons. Mr. Belding: "Screech, you can't elope." Screech: "Who are you calling a cantaloupe, you melon head?" Ever since the reboot of Saved by the Bell was released, I kept Dustin Diamond might reprise his role as Screech. I was hoping it might be a second chance for Dustin Diamond, AKA Screech. He had fallen on hard times throughout his career following his post-Bayside days. Sadly that is not to be.

Read full story

A Phoenix Rises! After a Two Year Hiatus, Kawasaki Unveils the 2022 KLR 650

If you are not into motorcycles, this article may hold little appeal to you. Then again, if you like Adventure, a bit of heartache, and an over-exuberant 40' something working his overweight backside into a sea of aspen trees, then perhaps this announcement will hold some interest to you.

Read full story

Singer, Actress & Comic Legend Cloris Leachman Dies at 94. Leaving us with Tears of Laughter

Wikipedia: Cloris Leachman in a publicity photo in July 1970. Cloris Leachman April 30, 1926 — January 26, 2021 (aged 94) Today the world lost one of the great female comedians of the past several decades. Cloris Leachman was 94 years old. I eternally felt a slight personal connection to Ms. Leachman for three reasons. Mostly because we share the same birthday month, albeit 45 years apart. But, I've always imagined we'd laugh at the same jokes. If we were at a diner party, I could envision us sitting apart from the other guests. She'd whisper to me wicked secrets about each one of them as wine squirted out of our noses.

Read full story

Goodbye New Year's Resolution 2021: Not all Winners are Champions, and That's Okay!

The trick on any incredible journey is not to assume you know the destination. Many other people in your life will try to tell you where you are going; or even where to go if you cut them off in traffic.

Read full story

Agonizing to Uplifting: What Will You Choose to Celebrate in February 2021!

The holidays are over. 2021 Resolutions written on January 1st are being discovered on refrigerator-sticky-notes. Hidden under take-out-menus for sushi or pizza. Hmm, pizza-sushi. Note to self: New Business idea Pizza-Sushi.

Read full story

How U2 Helped Me Get an "A" After a National History Day Disaster!

Is history really more than a class in school to pass notes about crushes? I never thought so. One of my biggest and earliest complaints was the rehashing of content each year. We never explored recent history. Topics that may have held our attention and that we could relate to.

Read full story

Finding the Courage to Fulfill Your Forgotten Dreams: The Girl in the Green Sweater

A Fictional Story Inspired by Real Events and a Dream. As SHE turned to go, HE desperately wanted to embrace HER. They'd barely met, but HE was moved by HER. No one would argue SHE was naturally beautiful. But it was HER SPIRIT that called to HIM. Did SHE notice HIM the way HE did HER?

Read full story

Comments / 0

Community Policy