A medical marijuana provider in Florida warned customers of a data breach involving its website.
AltMed, which does business as MüV, posted the notice on its Facebook page Saturday.
A customer had alerted it earlier that day that “customer information could be accessed through a search utility on (the) website. Within 10 minutes, our Information Technology staff removed the search engine function.”
Kroll, its “data risk and security” consultant, soon “recommended that we take the site down, which we did,” according to the post.
“Taking it one step further, we ‘unpublished’ any sections of the site that contained customer data.”
The site remained down as of Monday morning. Todd Beckwith, the company’s director of marketing, told Florida Politics the investigation into what happened continues and he was unable to say how many customers were affected.
“Thus far it appears that there was … limited information accessed,” Saturday’s post said.
“Please know that we take security and patient confidentiality seriously — not just because it’s the law, but because it’s the right thing to do.”
The Department of Health regulates the drug through its Office of Medical Marijuana Use. Providers in Florida are known as medical marijuana treatment centers, or MMTCs.
State law says the department “may impose reasonable fines not to exceed $10,000 on a medical marijuana treatment center for … improperly disclosing personal and confidential information” of patients.
“The Department is aware of the breach of confidential patient information,” spokesman Nick Van Der Linden said in an email. “Ensuring patient confidentiality is of utmost importance to the Department and we are committed to thoroughly investigating this event and taking appropriate action.”
Customers whose information may have been released will be notified, Beckwith said. “Otherwise, we’ll provide more information as our experts work through their process.”
“We’re not ready to make a statement till we’re 100 percent sure what happened,” he added. “But I can say I am very proud of the way our team responded.”
One comment
Jon-Paul Llamas
December 13, 2018 at 12:15 pm
I was one of the patients that data held the information on. They have my name, B-day, address, and patient ID, and phone number… what am I supposed to do now…