Data Breach Exposes Data of Thousands of Medical Marijuana Patients

The breach exposed diagnostic results, healthcare numbers and personal contact information.

• By Sydny Shepard
• Mar 29, 2019

A Canadian medical cannabis company has revealed that the information of about 34,000 patients may have been exposed in a data breach incident. 

Sunniva explained that the electronic medial record systems used by their subsidiary, Natural Health Services (NHS), had been breached. Patients were informed of the cyberattack on the last week of the breach, which took place between Dec. 4, 2018 through Jan. 7, 2019. 

NHS announced that the breach did not involve any financial, credit card, or social insurance number information, since that information is not collected from patients.

However, personal injury firm Diamond and Diamond, which has proposed a class-action against NHS and Sunniva, argued that the breach exposed diagnostic results, healthcare numbers and personal contact information.

The Canadian Press reported that NHS, which operates seven clinics in Canada, is working with privacy protection and law enforcement authorities to get to the bottom of the breach and to mitigate the damage it may have caused.

"We value our patients and understand the importance of protecting personal information and apologizing to the patients whose personal information has been improperly accessed and for any frustration or inconvenience that this may cause," NHS president Dr. Mark Kimmins said in a statement.