Highly sensitive cannabis data exposed by insecure database


As legal cannabis companies have expanded around the United States for recreational and medical use, they have used data about customers and their transactions. People who apply for medical marijuana cards have been required to share especially personal health data in order to be eligible. For some medical cannabis patients in Ohio, a recent data exposure may affect their sensitive information.

Jeremiah Fowler, a security researcher, found a publicly accessible database in mid-July that appears to contain medical records, mental health evaluations, doctors’ reports and images of IDs such as driver’s licenses for people seeking a medical cannabis card. The 323 GB of data, organized into nearly one million records, included Social Security numbers, email addresses, physical addresses, birthdays and medical data.

Based on information that seemed to describe specific employees and business partners, Fowler suspected that the data belongs to Ohio Medical Alliance LLC, which goes by the name Ohio Marijuana Card. Fowler contacted the company on July 14. When he checked the database the next day, it had been secured and was no longer available online. Fowler did not receive a response to his submission.

Ohio Medical Alliance did not answer Wired’s questions about Fowler’s findings. However, at one point, the president of the company, Cassandra Brooks, wrote in an email: “I need time to review this claimed event. We take data security very seriously and we are looking for it.”

“There were reports of doctors who say what is the basic problem – whether anxiety, cancer, HIV or something else,” says Fowler. “And I even saw the offender’s freedom cards, which are essentially identifiers for people who have just been out of prison and have provided them as proving the identity of the marijuana card.”

Fowler says most of the files in the database were in image formats such as PDF, JPG and PNG. One of the plaintext CSV documents, called “Employees’ Comments,” appears to be an export of internal communications, appointment history, customer notes and program status. The database also included more than 200,000 email addresses from Ohio Medical Alliance, business partners and customers.

Databases that have been misconfigured and inadvertently left publicly accessible on the internet are a common problem online, despite efforts to raise awareness of this mistake and its privacy consequences.
