As the legal hemp It has expanded all over the United States for both entertainment and medical use Troves from data About customers and their transactions. People who applied for medical marijuana cards had to share personal health data in particular to qualify. For some patients in Ohio who use medicinal herbs, the recent exposure to data can affect their sensitive information.
Security researcher, Jerimia Fowler I found a database access to the public In the middle of July, which seemed to have medical records, mental health assessments, doctors’ reports, and identifiers such as driver licenses for people looking for hemp cards. TROVE 323 GB was stored near a million records, including social security numbers, email addresses, physical addresses, birth dates and medical data – which are organized by name.
Based on the information that seemed to describe specific employees and commercial partners, Fowler suspected that the data belongs to the OHio Medical Alliance LLC, which is based in OHio Marijuana. Fowler called the company on July 14; When he examined the database the next day, it was secured and is no longer available to the public online. Fowler did not receive in response to his presentation.
Ohio Medical Alliance did not answer Wilde’s questions about Fowler’s results. At some point, though, the company’s president, Cassandra Brooks, wrote in an email: “I need time to investigate this alleged accident. We take data security seriously and look at this.”
“There were doctors’ reports that might indicate what is the main problem – whether it was anxiety, cancer, HIV or anything else. In some cases, applicants will provide their own medical records as evidence of their qualified condition, says WIRED. ”I have seen identification documents from many states, from everywhere. I saw even the perpetrator’s launch cards, which are essentially identifiers for people who just have been released from prison as a guide to the identity to obtain a medical marijuana card. “
Fowler says that most of the files in the database were photo formats like PDFS, JPGs and Pngs. The CSV Plaintex text is called “Employees’ Comments” is an export of internal communications, dates date, notes about customers, and application status. This file also contained more than 200,000 e -mail addresses for OHio Medical Alliance, business partners, and customers.
Databases that were inadvertently formed inadvertently, unintentionally exposed on the open internet common problem connected Despite the efforts made to raise awareness about the error and its effects on privacy.
https://media.wired.com/photos/689e56af26c500411f5d07b3/191:100/w_1280,c_limit/Security_weedcard_GettyImages-1466383594.jpg
Source link