A cyber-attack was also reported on their systems earlier in December.
By “William Stash” Jones
Oregon Cannabis Connection
Nevada’s Medical Marijuana portal containing personal information was exposed to the public for what could have been an entire week before being taken offline on December 28th. The personal data was broad and included applicant Social Security Numbers (SSN).
ZDNet reported that the leak occurred to a “portion” of one of several databases, according to a spokesperson for Nevada’s Dept. Health and Human Services. They pulled down the site to limit vulnerability.
A security researcher, Jason Shafer, “stumbled” upon the accessible information Tuesday with a simple, but clever, Google search. Over 11,700 files were exposed. The Daily Dot, a tech website, was able to “Google” the portal to the site before it was taken down.
The Daily Dot reported:
“Nevada’s medical marijuana application system has exposed the personal information of thousands of dispensary applicants, the Daily Dot has learned.
A vulnerability in Nevada’s Medical Marijuana Program portal makes available on the open internet the full, unredacted PDFs of over 11,700 dispensary applications, which include names, phone numbers, home addresses, dates of birth, driver’s license numbers, and complete Social Security numbers.”
They posted one of the “leaked” applications online, with the personal information blocked out.
Although the Nevada Division of Public and Behavioral Health (DPBH) said it was investigating a “cyberattack” on its system earlier in December, they insisted “private patient information is considered to be secure.”
In November Nevada was one of 8 other states passing marijuana measures, and theirs will make it legal for adults over 21 to purchase marijuana and use marijuana for recreational purposes. Nevada has allowed medical marijuana since voters approved a measure in 2000. On January 1st, adults over 21 will be able to possess up to 1 ounce or one eight ounce of concentrate for non-medical reasons.
© 2016 Oregon Cannabis Connection. All rights reserved.