Cincinnati.com is reporting that an Ohio medical marijuana dispensary was exposed in a national data breach leaking personally identifiable information for more than 30,000 people.
Bloom Medicinals, which operates five dispensaries in Ohio, was one of three cannabis companies identified in revealing a recent leak involving THSuite, which provides point-of-sale systems to cannabis stores.
Ohio medical marijuana patients could be harmed by having their identity leaked because marijuana remains illegal on the federal level and there is a stigma around its use.
Ohio officials are investigating a recent data breach that may have affected medical marijuana patient data at Bloom Medicinals’ five dispensaries.
They also found records of the dispensary’s monthly sales and discounts and of each product’s supplier and price
Bloom has locations in Akron, Columbus, Maumee, Painesville and Seven Mile, in Butler County.
A Bloom spokesman said the company is investigating the matter and working with THSuite to identify which, if any, Ohio patients were affected.
“Once we have identified any affected patients, we will notify each individual and follow HIPAA breach notification protocols,” the company said in a statement. “Bloom Medicinals serves tens of thousands of patients in multiple states and we take patient privacy very seriously. Rest assured we will implement any corrective action necessary to both remedy, and ensure, this does not happen again.”