CVS, Walgreens step up ‘bot’ defense ahead of COVID-19 vaccine appointment rush

Security companies have warned retailers to be wary of so-called 'scalper bots'

As the nation gears up for expanded access to COVID-19 vaccines, pharmacies such as CVS and Walgreens are stepping up security efforts against so-called “scalper bots” eagerly waiting to stockpile vaccine appointment slots.

Following the Biden administration’s recent announcement that it will soon begin distributing about 1 million vaccine doses each week to some 6,500 pharmacies across the nation, security companies have warned retailers such as CVS and Walgreens, which are assisting in these distribution efforts, to be wary that these scalper bots could hoard vaccine appointments as soon as they are made available.

Much in the same way scalper bots in the past have scooped up the latest PlayStation or Microsoft Xbox consoles as soon as they hit the market, later selling them for a higher price, security companies have expressed concerns that these scalper bots could target pharmacies’ vaccine appointment slots in the same way, urging retailers to step up their defenses to ward off such attacks.

“Queue-jumpers are branching out. Their tools are now being used to target other high-demand items,” Matt Gracey-McMinn, head of threat research at bot security firm Netacea, told Reuters.


A Walgreens official told the outlet that the company is “working to ensure only authorized and eligible patients will have access to schedule a vaccine appointment.”

“To do so, security measures such as bot detection and prevention will play key roles in delivering this critical service to patients,” Jim Cameli, Walgreens Boots Alliance’s Chief Information Security Officer, said.

CVS, meanwhile, is also stepping up its security game ahead of the expanded vaccine rollout, which could begin as soon as Feb. 11.

“Our vaccination appointment site has a layered defense that includes capabilities to detect automated cyberattacks, such as botnets. Those capabilities, together with our application design and user input validation, enable us to validate legitimate users,” a CVS Health spokesperson told the news wire service.

Meanwhile, Walmart announced that the pharmacies in its Walmart stores and Sam’s Club warehouse outlets are also teaming up with the federal government to assist in the expanded distribution efforts.  In a news release, the retail giant stated that eligible customers and members can secure an appointment “directly via a scheduling tool on the Walmart and Sam’s Club websites,” but only while “allocation lasts.”


As for its security efforts — Walmart faced scalper bot attacks for the game consoles around the holidays in December — the company told Reuters it plans to “focus on security and any necessary mitigation steps that help us provide fair and equitable vaccination sign-ups.”

Such an attack could have devastating consequences on a country that has seen only 35.2 million total vaccines administered to date despite the fact the U.S. leads the world in both virus cases and deaths.

“Several of our customers have come to us worried about the frightening dilemma they will ultimately face: how do we manage vaccine appointments without it being upended by automated, bot attacks?” Edward Roberts, a specialist at security firm Imperva, told Reuters. “The dam will explode once vaccines are available for all citizens.”