Medical marijuana database must be protected
Ohio’s medical marijuana program seemed to be operating without a hitch — until last week.
Then, a Seattle internet privacy company revealed it had been able to access confidential information online about more than 30,000 medical marijuana patients in several states. The company, vpnMentor, said it had found unsecured patient information, in addition to scanned government and company IDs, in a database used by several companies, including one that operates some medicinal marijuana dispensaries in Ohio.
That firm does not operate dispensaries in this region of Ohio, however.
According to an Associated Press report, the unsecured database was closed earlier this year.
The revelation should be of concern to Ohioans and to state government. To the long list of requirements for those involved in the medicinal marijuana industry, evidence that records are kept secure may have to be added.
If it exists already, state officials should investigate why vpnMentor was able to hack into the online database to access information.
As vpnMentor put it, “This data breach has serious consequences for the dispensaries and their customers.”
Patient privacy and identity security are essential for ALL businesses, and the ease with which unsecured information was found in one instance should lead officials to look for holes in the entire system.