With cannabis legalization comes greater responsibility on cannabis users, but also the businesses catering to the cannabis community. Topics trending in 2019 focus on end user responsibilities, but what about the clinics, dispensaries and services who hold and store personalized information on you and me?
It’s too late for the referrals of one Canadian cannabis clinic, Natural Health Services. The cross Canada leader in medical cannabis suffered a rather large database breach late 2018 and early 2019 patients discovered as NHS began notifying owners of compromised data.
The exact times are unknown, but the data was accessed by an “unauthorized individual” from NHS between the dates of Dec. 4, 2018 and Jan. 7, 2019.
According to the Calgary Herald, compromised information from the breach includes data ranging from basic personal information to medical diagnoses, referrals, encounter notes and allergies.
Fortunately the hackers didn’t gain access to prescriptions, payment details, social insurance numbers or other financial information.
Although emails have been sent to the affected customers, Natural Health Services is keeping tight lips in regards to just how many accounts and exactly what information was leaked.
Natural Health Services identified that a number of records containing personal health information in the electronic medical record system we use were accessed without the authorization of Natural Health Services physicians for purposes that may be unrelated to providing medical carehttps://calgaryherald.com/cannabis/cannabis-news/electronic-data-breach-sees-medical-cannabis-users-personal-information-compromised
As of Tuesday March 19th, 2019 a public statement from Natural Health Services still remains unpublished, and affected accounts are actively being contacted.
Natural Health Services stresses the correct law enforcement and privacy integrity agencies have been notified and are currently working with their clinics to figure out how the hackers gained access to their data.
Other documents on their website suggest the hackers got through multiple steps of security to gain access to the data, or circumvented a number of security measures the company has in place which are published on the NHS website.
Here’s a list of the security measures NHS has in place for times like this:
- restricting office access to authorized individuals
- maintaining all records in our office which has a secure access
- password controls and search controls
- firewalls and anti-virus software
- logging, auditing and monitoring of all access to electronic records of personal health information
- privacy notice
- encryption of all electronic communication and of all information transmitted electronically.
The breach at NHS raises serious concerns for Canadians with cannabis prescriptions who actively or wish to travel to the United States of America. In recent months the US border patrol has been vocal in letting Canadians understand they are travelling across borders to a country in which Cannabis remains federally illegal.
Regardless of status as a medical cannabis patient, or involvement in cannabis investments, border patrol can and will complicate tour travels if they become aware of Canadian cannabis involvement.
National Health Services is offering a hotline to customers affected by the data breach. Please call 1-888-297-0573.