CINCINNATI (FOX19) - A point-of-sale system in the cannabis industry announced the information of more than 30,000 patients may have been exposed in a data breach incident, including those in Ohio.
On Wednesday, THSuite said three cannabis companies were connected to the data breach. The one impacted in Ohio is Bloom Medicinals. They operate five dispensaries in the state.
Researchers for a company known as vpnMentor discovered the alleged breach on Dec. 24.
The dispensaries in Ohio are located in Akron, Columbus, Painesville Township, Maumee and Seven Mile in Butler County.
The leak exposed the following information about Bloom Medicinals customers:
- Full name
- Date of birth
- Medical/State ID and expiration date
- Phone number
- Email address
- Street address
- Date of first purchase
- Whether or not the patient received financial assistance for cannabis purchases
- Whether or not the patient opted in for SMS text notifications
vpnMentor said the breach also exposed their inventory, monthly sales reports, and compliance reports.
The two other companies that were breached are Amedicanna Dispensary Files, a medical marijuana dispensary located in the state of Maryland, and Colorado Grow Company, a recreational marijuana dispensary located in the city of Durango, Colorado.
A Bloom spokesman told our media partners at the Cincinnati Enquirer the company is investigating the matter and working with THSuite to identify which, if any, Ohio patients were affected.
“Once we have identified any affected patients, we will notify each individual and follow HIPAA breach notification protocols,” the company said in a statement. “Bloom Medicinals serves tens of thousands of patients in multiple states and we take patient privacy very seriously. Rest assured we will implement any corrective action necessary to both remedy, and ensure, this does not happen again.”