Last week, a Florida medical cannabis dispensary took its website offline after patient information was found to be obtainable through the site’s basic search function.
Sarasota-based AltMed is a licensed Medical Marijuana Treatment Center (MMTC) that also goes by the name MÜV. AltMed responded quickly, taking its website offline after a customer noticed the search function was revealing sensitive customer information.
“Within 10 minutes, our information technology staff removed the search engine function. We then retained Kroll, Inc., an industry leader in data risk and security,” the company said in a statement posted to its Facebook page.
“Based on the forensic review thus far it appears that there was limited access to the site with limited information accessed. The review will continue until we fully understand what happened and who is responsible.”
The site remains down while AltMed conducts an investigation; the dispensary will notify all affected individuals by mail. Meanwhile, patients can still access medicine from AltMed by contacting their local dispensary to set up deliveries.
A recent Canna Law Blog investigation warns that cannabis businesses are particularly vulnerable to data breaches.
Breaches are inevitable and happen in all sectors of the economy, the article acknowledges, but cannabis is especially at risk due to its special relationship with technology and the plant’s ongoing federal prohibition.
Besides the financial cost, which can run into the tens of thousands depending on the severity of the breach, cannabis businesses face damage to their reputations and risk becoming embroiled in federal and state investigations.