Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database
5 days ago
- #medical-cannabis
- #privacy
- #data-breach
- Legal cannabis expansion in the U.S. has led to companies collecting extensive customer data.
- A security researcher found a publicly accessible database with sensitive medical and personal information of medical cannabis applicants in Ohio.
- The exposed data included medical records, mental health evaluations, physician reports, and IDs, totaling nearly a million records.
- The database likely belonged to Ohio Medical Alliance LLC (Ohio Marijuana Card), which secured the database after being contacted.
- The company did not respond to inquiries but stated they take data security seriously and are investigating.
- The database contained sensitive information such as Social Security numbers, email addresses, and medical conditions like anxiety, cancer, and HIV.
- Files in the database included PDFs, JPGs, PNGs, and a CSV with internal communications and over 200,000 email addresses.
- Misconfigured databases left publicly exposed are a recurring issue despite awareness efforts.