Tech and AIHighly Sensitive Medical Cannabis Patient Data Exposed by Unsecured...

Highly Sensitive Medical Cannabis Patient Data Exposed by Unsecured Database

-


As legal cannabis has expanded around the United States for both recreational and medical use, companies have amassed troves of data about customers and their transactions. People who have applied for medical marijuana cards have had to share particularly personal health data to qualify. For some patients in Ohio who use medical weed, a recent data exposure could impact their sensitive information.

Security researcher Jeremiah Fowler found a publicly accessible database in mid-July that appeared to contain medical records, mental health evaluations, physician reports, and images of IDs like driver’s licenses for people seeking medical cannabis cards. The 323-GB trove stored close to a million records, including Social Security numbers, email addresses, physical addresses, dates of birth, and medical data—all organized by name.

Based on information that seemed to describe specific employees and business partners, Fowler suspected that the data belonged to the Ohio-based company Ohio Medical Alliance LLC, which goes by the name Ohio Marijuana Card. Fowler contacted the company on July 14; when he checked the database the next day, it had been secured and was no longer publicly accessible online. Fowler did not receive a response about his submission.

Ohio Medical Alliance did not answer WIRED’s questions about Fowler’s findings. At one point, though, the company’s president, Cassandra Brooks, wrote in an email: “I need time to investigate this alleged incident. We take data security very seriously and are looking into this matter.”

“There were physicians’ reports that would say what the underlying problem was—whether it was anxiety, cancer, HIV, or something else. In some cases, the applicants would submit their own medical records as proof” of their qualifying condition, Fowler tells WIRED. “I saw identification documents from lots of states, from everywhere. And I even saw offender release cards, which are basically IDs for people who just got out of prison that they submitted as proof of identity to get a medical marijuana card.”

Fowler says that most of the files in the database were image formats like PDFs, JPGs, and PNGs. One CSV plaintext document called “staff comments” appeared to be an export of internal communications, appointment histories, notes about clients, and application status. That file also contained more then 200,000 email addresses of Ohio Medical Alliance employees, business associates, and customers.

Databases that are misconfigured and have inadvertently been left publicly exposed on the open internet are a common problem online in spite of efforts to raise awareness about the mistake and its privacy implications.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

SEC Chair Confirms ‘Very Few’ Cryptos Are Securities, But Markets Continue to Correct

Securities and Exchange Commission chair Paul Atkins has confirmed a major shift in crypto regulation, stating that “very...

Imagen Network Improves Digital Community Engagement Through Grok Driven Interaction Models

Enhancing personalization and discovery with superior AI-powered interplay techniques. August 20, 2025 1:00 AM EDT | Supply: Kaj Labs London, United...

Valantis DEX acquires stHYPE as Hyperliquid staking heats up

Valantis has taken a decisive step...

Advertisement

“Kirby Air Riders” Is Coming to Switch 2, and It’s “Basically Like ‘Mario Kart’”

More than two decades after Kirby Air Ride launched on GameCube, Kirby Air Riders is coming to Nintendo...

Informal Systems’ Malachite Acquired by Circle to Power New Arc Blockchain Network for Stablecoin Finance

Informal Systems has announced the acquisition of its high-performance consensus engine, Malachite, by Circle Internet Group, Inc. (NYSE:...

Must read

SEC Chair Confirms ‘Very Few’ Cryptos Are Securities, But Markets Continue to Correct

Securities and Exchange Commission chair Paul Atkins has...

Imagen Network Improves Digital Community Engagement Through Grok Driven Interaction Models

Enhancing personalization and discovery with superior AI-powered interplay techniques. August...

You might also likeRELATED
Recommended to you