A cybersecurity researcher has uncovered a public, unencrypted, and non-password-protected database that comprises 957,434 private data of medical hashish sufferers. Jeremiah Fowler on Tuesday revealed the findings that data held by Ohio Medical Alliance LLC (OMA) – a corporation that helps people get hold of medical hashish ID playing cards within the state – have been uncovered. 

The data – 323 GB in all – embody pictures of driver’s licenses or ID paperwork from a number of states that comprise names, bodily addresses, birthdates, and license numbers and folders that have been labeled with sufferers’ first and final names, contained consumption varieties, medical data, launch varieties, doctor certification varieties that included social safety numbers, and psychological well being evaluations. 

“Nearly all of information I noticed within the two databases have been in PDF, JPG, PNG codecs. One CSV doc named ‘workers feedback’ contained a considerable amount of inner communications, notes about shoppers, appointments, standing, or private conditions. That doc additionally contained an estimated 210,620 electronic mail addresses of shoppers and inner workers or enterprise companions.” — Fowler in a Web site Planet submit 

Fowler indicated he despatched a disclosure about his findings to OMA – which operates beneath the Ohio Marijuana Card model – however didn’t hear again; nevertheless, that the database was restricted from public entry the next day and now not accessible.