Data Security

Unsecured medical marijuana patient databases expose almost 1M records

(Adobe Stock)

HackRead reports that Ohio Medical Alliance, also known as Ohio Marijuana Card, had 957,434 records inadvertently exposed by a pair of misconfigured patient databases.

Data leaked by the alternative medicine practitioner's 323 GB databases included patients' names, birthdates, Social Security numbers, home addresses, and driver's license scans, as well as intake forms, anxiety- and post-traumatic stress disorder-assessments, and physician certifications, according to an analysis by cybersecurity researcher Jeremiah Fowler published on Website Planet. Over 210,000 patient, employee, and business partner email addresses have also been exposed by the "staff comments" CSV file, which also included internal notes and client updates. Additional details regarding the databases' manager or the duration of data exposure remain uncertain, said Fowler, who noted immediate access restrictions to the databases upon reporting the issue to Ohio Medical Alliance. Individuals affected by the incident have been warned of potential identity theft or financial fraud incidents.

You can skip this ad in 5 seconds