Medical marijuana company warns of data breach

marijuana-1648353_1280

A medical marijuana provider in Florida warned customers of a data breach involving its website.

AltMed, which does business as MüV, posted on its Facebook page Saturday.

A customer had alerted it earlier that day that “customer information could be accessed through a search utility on (the) website. Within 10 minutes, our Information Technology staff removed the search engine function.”

Kroll, its “data risk and security” consultant, soon “recommended that we take the site down, which we did,” according to the post.

“Taking it one step further, we ‘unpublished’ any sections of the site that contained customer data.”

The site remained down as of Monday morning. Todd Beckwith, the company’s director of marketing, told Florida Politics the investigation into what happened continues and he was unable to say how many customers were affected.

“Thus far it appears that there was … limited information accessed,” Saturday’s post said.

“Please know that we take security and patient confidentiality seriously — not just because it’s the law, but because it’s the right thing to do.”

The Department of Health regulates the drug through its Office of Medical Marijuana Use. Providers in Florida are known as medical marijuana treatment centers, or MMTCs.

State law says the department “may impose reasonable fines not to exceed $10,000 on a medical marijuana treatment center for … improperly disclosing personal and confidential information” of patients. 

“The Department is aware of the breach of confidential patient information,” spokesman Nick Van Der Linden said in an email. “Ensuring patient confidentiality is of utmost importance to the Department and we are committed to thoroughly investigating this event and taking appropriate action.”

Customers whose information may have been released will be notified, Beckwith said. “Otherwise, we’ll provide more information as our experts work through their process.”

“We’re not ready to make a statement till we’re 100 percent sure what happened,” he added. “But I can say I am very proud of the way our team responded.”

Jim Rosica

Jim Rosica is the Tallahassee-based Senior Editor for Florida Politics. He previously was the Tampa Tribune’s statehouse reporter. Before that, he covered three legislative sessions in Florida for The Associated Press. Jim graduated from law school in 2009 after spending nearly a decade covering courts for the Tallahassee Democrat, including reporting on the 2000 presidential recount. He can be reached at [email protected].


One comment

  • Jon-Paul Llamas

    December 13, 2018 at 12:15 pm

    I was one of the patients that data held the information on, They have my name, B-day, address, and patient ID, and phone number… what am i supposed to do now…

Comments are closed.


#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, Ryan Nicol, Jacob Ogles, Cole Pepper, Jesse Scheckner, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704