Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Privacy Firm Finds Unsecured Cannabis Patient Information

An internet privacy firm says it was able to access private personal information of more than 30,000 medical marijuana patients, recreational pot customers or dispensary employees in several states.

The privacy firm was searching for unsecured data online and says the database has now been secured.

An internet privacy firm says it was able to access private personal information of more than 30,000 medical marijuana patients, recreational pot customers or dispensary employees in several states.

The privacy firm was searching for unsecured data online and says the database has now been secured.

The privacy firm, vpnMentor, said in a report posted on its website that Seattle-based software firm THSuite had failed to encrypt or secure the data, which was stored in the cloud via Amazon Web Services. It discovered the breach Dec. 24, and the database was closed Jan. 14.

THSuite did not return an email seeking comment Thursday. The company provides point-of-sale software for the cannabis industry that can integrate with state-mandated marijuana tracking systems.

Among the dispensaries with unsecured customer and employee information were Amedicanna, a marijuana dispensary in Maryland, and Bloom Medicinals, with several locations in Ohio, the privacy firm said. A recreational pot retailer in Colorado, Colorado Grow Company, was also affected, though it wasn’t clear if customer information was involved.

Among the unsecured patient information were full names, birth dates, and signatures as well as street and email addresses. There was also information about dispensary inventory, sales and employee names, the privacy firm said.

VpnMentor said it only checked a small sample of the records, and it’s certain that many more dispensaries could have the same problem. “It’s possible that all THSuite clients and their customers were involved,” it said.

The privacy firm said the breach could raise issues regarding patient privacy under federal law.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.