Ohio dispensary suffers personal data breach

By Jake Geiger |Staff Writer

A medicinal marijuana dispensary in Columbus, Ohio had its personal and company data breached on Dec. 24.

Three medical marijuana dispensaries were exposed in a national data breach, including one in Columbus, Ohio. Bloom Medicinals, which owns the Columbus dispensary, says an estimated 30,000 people have their personal data breached.

The other two companies involved in the breach were AmediCanna Dispensary in Maryland and Colorado Grow Company.

Overall, there were more than 85,000 files discovered on Dec. 24. 

All three businesses were associated with a company called THSuite.

THSuite is a software partner for the cannabis industry and provides point-of-sale systems to cannabis stores.

With these three companies’ data exposed, internet researchers at vpnMentor, a virtual private network company, were able to see patient and monthly sales data along with the dispensaries compliance reports.

Researchers were also able to see “patients’ names, date of birth, phone number, email address, street address, date of first purchase and whether or not the patient received financial assistance for purchases,” according to The Enquirer.

Researchers also saw that patients associated with the companies are at risk because marijuana is still illegal at the federal level in the United States.

“I personally wouldn’t use dispensaries or weed in general, but if my information was leaked on say, my computer, I wouldn’t trust the company responsible,” said sophomore international business major Luke Williams. 

“Bloom Medicinals serves tens of thousands of patients in multiple states and we take patient privacy very seriously. Rest assured we will implement any corrective action necessary to both remedy, and ensure this does not happen again,” a spokesman for the company said.

The Ohio Board of Pharmacy confirmed that Bloom was the only marijuana dispensary in Ohio that uses THSuite.