Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

As the legal hemp It expanded throughout the United States for entertainment and medical use, companies collected data data around customers and their transactions. People who applied for medical marijuana cards had to share personal health data in particular to qualify. For some patients in Ohio who use medicinal herbs, the recent exposure to data can affect their sensitive information.

Jeremy Fowler security researcher found a database accessible to the public in mid -July, which seemed to have medical records, mental health assessments, doctors reports and acquaintances such as driver licenses for people looking for hemp cards. TRVE 323-GB stored near one million records, including social security numbers, email addresses, physical addresses, birth dates and medical data-are organized by name.

Based on the information that seemed to describe specific employees and commercial partners, Fowler suspected that the data belongs to the OHio Medical Alliance LLC, which is based in OHio Marijuana. Fowler called the company on July 14; When he examined the database the next day, it was secured and is no longer available to the public online. Fowler did not receive in response to his presentation.

Ohio Medical Alliance did not answer Wilde’s questions about Fowler’s results. At some point, though, the company’s president, Cassandra Brooks, wrote in an email: “I need time to investigate this alleged accident. We take data security seriously and look at this.”

“There were doctors’ reports that might indicate what is the main problem – whether it was anxiety, cancer, HIV or anything else. In some cases, applicants will provide their own medical records as evidence of their qualified condition, says WIRED. ”I have seen identification documents from many states, from everywhere. I saw even the perpetrator’s launch cards, which are essentially identifiers for people who just have been released from prison as a guide to the identity to obtain a medical marijuana card. “

Fowler says that most of the files in the database were photo formats like PDFS, JPGs and Pngs. The CSV Plaintex text is called “Employees’ Comments” is an export of internal communications, dates date, notes about customers, and application status. This file also contained more than 200,000 e -mail addresses for OHio Medical Alliance, business partners, and customers.

The databases that have been inadvertently were unintentionally left on the open Internet are a common problem online despite the efforts made to raise awareness about the error and the effects of their privacy.