Data Breach at Florida Dispensary Highlights Vulnerabilities

Lukas Barfield reports:

Last week, a Florida medical cannabis dispensary took their website offline after it was found that patient information was obtainable through the site’s basic search function. Sarasota-based AltMed is a licensed Medical Marijuana Treatment Center (MMTC) that also goes by the name MÜV.

AltMed responded quickly by taking their website offline after a customer noticed the search function was revealing sensitive customer information.

Read more on Ganjapreneur.

A December 1 statement on MÜV’s Facebook page reads:

To our valued Florida customers; 

This morning we were notified by a customer that some customer information could be accessed through a search utility on our www.AltMedFlorida.com website. Within 10 minutes, our Information Technology staff removed the search engine function.

We then retained Kroll, Inc. an industry leader in data risk and security.

Upon review of the site, our experts recommended that we take the site down, which we did. Taking it one step further, we “unpublished” any sections of the site that contained customer data.

Based on the forensic review thus far it appears that there was limited access to the site with limited information accessed. The review will continue until we fully understand what happened and who is responsible.

Please know that we take security and patient confidentiality seriously—not just because it’s the law, but because it’s the right thing to do.

If your information was accessed in any way, we will contact you directly. Otherwise, we’ll provide more information as our experts work through their process.

We appreciate your patience.

Typo corrected post-publication. Apologies to Ganjapreneur for misspelling their name.