@Moon @GrownHealth posted this earlier, if it is of any help. Maybe he can give you more details of the patient who built the tool to search, if it’s ok for him to do so now.
-
A friendly and supportive community, register today. Our forums use a separate account system.
Clinics ⚠️ CB1 Medical: Patient/Clinic Data Breach
- Thread starter GrownHealth
- Start date
- Featured
Did you sign up before or after the 7th June? If after then you don’t need to worry I don’t think.
Last edited:
They're quite willing to help, but after some checks only CB1 Medical themselves can legally put the tool up and reprocess the data. The author is willing to send on, and I'll get back to them shortly with forwarding details.
CB1 also need to check with their new contracted company helping manage the data breach whether that's fully compliant. We've also urged them to look into the legality of submitting details to "HaveIBeenPwned".
I know this is a frustrating answer, but I can't confirm - I'm under legal guidance not to reprocess or access the data in any way.
That said, given we've previously been told CB1's patient numbers, and they line-up with the amount of unique contact details - I would assume your details are almost certainly there.
Moon
Pollinating
- Messages
- 1,766
- Likes/Reactions
- 4,155
- Clinic
- 🏴 CB1 Medical
Thank you. Yes looking into it further everyone's will be if signed pre june. I will speak to a solicitor tomorrow i want to sue them.
Moon
Pollinating
- Messages
- 1,766
- Likes/Reactions
- 4,155
- Clinic
- 🏴 CB1 Medical
Way before, thanks.
@Moon, please email CB1 Medical directly tonight to confirm you're affected - I've asked them to check and confirm today if whatsoever possible 
EDIT: Won't be tonight, but for and all users whom want to confirm whether their details were affected, please email their chief operating officer Anabel directly - and she'll get through every request as quickly as possible tomorrow: anabel@cb1medical.com
In general we're expecting a full announcement from CB1 tomorrow.
EDIT: Won't be tonight, but for and all users whom want to confirm whether their details were affected, please email their chief operating officer Anabel directly - and she'll get through every request as quickly as possible tomorrow: anabel@cb1medical.com
In general we're expecting a full announcement from CB1 tomorrow.
Last edited:
Bryan
Branching Out
- Messages
- 137
- Likes/Reactions
- 280
@Moon, please email CB1 Medical directly tonight to confirm you're affected - I've asked them to check and confirm today if whatsoever possible
EDIT: Won't be tonight, but for and all users whom want to confirm whether their details were affected, please email their chief operating officer Anabel directly - and she'll get through every request as quickly as possible tomorrow: anabel@cb1medical.com
In general we're expecting a full announcement from CB1 tomorrow.
Bryan
Branching Out
- Messages
- 137
- Likes/Reactions
- 280
Bryan
Branching Out
- Messages
- 137
- Likes/Reactions
- 280
I've just sent the CB1 Medical pharmacy an email apon figuring out how to access the status of my prescription on the app and it seem to be further on than I thought !Thanks Muiredach for sharing that alternative email
That email has seemed to reached its destination opposed to the @info one which seem to be offline or something
Bryan
Branching Out
- Messages
- 137
- Likes/Reactions
- 280
Good morning mate, hope you didn't have too much of a restless night !
What is your thoughts on this response?
I'm happy to wait on a reply from my emails last night to see how to proceed further!
Sunshine
Branching Up
- Messages
- 62
- Likes/Reactions
- 214
- Clinic
- 🏴 CB1 Medical
Ive just returned from a weekend break.... put my order through around 8am today, then got the email 
came straight here to talk about it and found that you guys have been hot on it all weekend 
Ran the email through ChatGPT, I've read all the posts in this thread, and these are the conclusions AI has made with the information.
It's brought me some relief, I hope it can ease some of the wider anxiety many of us are experiencing
- I'm also a CB1 Medical patient, no affiliation.
Data breach impact – what it means for you
Details exposed:
* Name
* Contact details (phone/email)
* Date of birth
* 6-month order history (breached in May/June 2025, so 6 months prior to that included?)
* Clinician’s name/email
Not exposed:
* Medical notes/records
* Financial info
* Home address
Risks:
* Phishing emails/texts that look more convincing
* Spam calls/emails
* Social engineering (using your clinician’s name to trick you)
* Identity theft risk is very low without address/financial data
What to do:
* Be cautious of unexpected calls/emails, even if they know your DOB or clinician’s name
* Don’t click suspicious links — contact the organisation directly
* Monitor your bank and credit reports for unusual activity
* Use strong, unique passwords + enable 2FA where possible
Reassurance:
* No bank, address, or medical records were leaked
* Main risk is phishing attempts, not financial fraud
For concerns and to discuss this directly, email CB1s chief operating officer
anabel@cb1medical.com
i think this is accurate, but if you could confirm @GrownHealth @Muiredach
came straight here to talk about it and found that you guys have been hot on it all weekend Ran the email through ChatGPT, I've read all the posts in this thread, and these are the conclusions AI has made with the information.
It's brought me some relief, I hope it can ease some of the wider anxiety many of us are experiencing
- I'm also a CB1 Medical patient, no affiliation. Data breach impact – what it means for you
Details exposed:
* Name
* Contact details (phone/email)
* Date of birth
* 6-month order history (breached in May/June 2025, so 6 months prior to that included?)
* Clinician’s name/email
Not exposed:
* Medical notes/records
* Financial info
* Home address
Risks:
* Phishing emails/texts that look more convincing
* Spam calls/emails
* Social engineering (using your clinician’s name to trick you)
* Identity theft risk is very low without address/financial data
What to do:
* Be cautious of unexpected calls/emails, even if they know your DOB or clinician’s name
* Don’t click suspicious links — contact the organisation directly
* Monitor your bank and credit reports for unusual activity
* Use strong, unique passwords + enable 2FA where possible
Reassurance:
* No bank, address, or medical records were leaked
* Main risk is phishing attempts, not financial fraud
For concerns and to discuss this directly, email CB1s chief operating officer
anabel@cb1medical.com
i think this is accurate, but if you could confirm @GrownHealth @Muiredach
May as well not of sent anything for me as it doesn't address what as a carer for a patient I have to do next and seems to be downplaying it a bit when the facts are the info is in the public domain ! Just my initial reaction as a carer for a patient with them
Bryan
Branching Out
- Messages
- 137
- Likes/Reactions
- 280
I totally understand, seems rather generalised and played down like you say.
I hope they can come good with a plan and a more personalised response would be appreciated but give the volume of numbers I'm left sceptical!
to you and the family mate
I hope they can come good with a plan and a more personalised response would be appreciated but give the volume of numbers I'm left sceptical!
to you and the family mate
Sunshine
Branching Up
- Messages
- 62
- Likes/Reactions
- 214
- Clinic
- 🏴 CB1 Medical
I really don't expect much to come from this...
Speaking with friends in tech, security, and healthcare this morning about it, this is likely to be swept under the rug...
Although a breach of our sensitive data, the ICO will see it as a moderate breach, since no medical records or financial data were exposed.
The fact CB1 Medical acted quickly (*once aware) to remove the data and self-reported will work in their favour...
I see many being quick to assume some form of compensation, and I agree with the outrage, but I think the main result will be tighter safeguards going forward and little else.
We will see.
Speaking with friends in tech, security, and healthcare this morning about it, this is likely to be swept under the rug...
Although a breach of our sensitive data, the ICO will see it as a moderate breach, since no medical records or financial data were exposed.
The fact CB1 Medical acted quickly (*once aware) to remove the data and self-reported will work in their favour...
I see many being quick to assume some form of compensation, and I agree with the outrage, but I think the main result will be tighter safeguards going forward and little else.
We will see.
Last edited:
I could not trust CB1 Medical again after this with anything
joint_account
Budding
- Messages
- 574
- Likes/Reactions
- 1,317
- Clinic
- 🏴 Alternaleaf
I think this email is laughable and if anything further degrades any confidence I would have as a patient.
A cyber attack would have been better, it seems very obvious to me that they do not know how this data was leaked, I don't think they can rule out system breaches given they clearly have no identifiers for foreign activity evidenced by the fact this was live for 10 weeks.
I think the scary thing for me would be that the person mat still have access to their systems either via an exploit or by being an active member of their payroll and they haven't got the slightest clue.
A much weaker reply that I was hoping they'd put out.
If I was a CB1 patient I would be replying to that asking for a discharge letter.
joint_account
Budding
- Messages
- 574
- Likes/Reactions
- 1,317
- Clinic
- 🏴 Alternaleaf
The other risk is blackmail.Ive just returned from a weekend break.... put my order through around 8am today, then got the email
Ran the email through ChatGPT, I've read all the posts in this thread, and these are the conclusions AI has made with the information.
It's brought me some relief, I hope it can ease some of the wider anxiety many of us are experiencing
Data breach impact – what it means for you
Details exposed:
* Name
* Contact details (phone/email)
* Date of birth
* 6-month order history (breached in May/June 2025, so 6 months prior to that included?)
* Clinician’s name/email
Not exposed:
* Medical notes/records
* Financial info
* Home address
Risks:
* Phishing emails/texts that look more convincing
* Spam calls/emails
* Social engineering (using your clinician’s name to trick you)
* Identity theft risk is very low without address/financial data
What to do:
* Be cautious of unexpected calls/emails, even if they know your DOB or clinician’s name
* Don’t click suspicious links — contact the organisation directly
* Monitor your bank and credit reports for unusual activity
* Use strong, unique passwords + enable 2FA where possible
Reassurance:
* No bank, address, or medical records were leaked
* Main risk is phishing attempts, not financial fraud
For concerns and to discuss this directly, email CB1s chief operating officer
anabel@cb1medical.com
i think this is accurate, but if you could confirm @GrownHealth @Muiredach
A users name is on LinkedIn, so is their employer. Many used haven't disclosed and nearly half are mental health patients which opens the discussions to vulnerable people being exploited with very little knowledge or effort from the person trying to exploit.
My employer doesn't care but many people do not want their employer to know they receive medical, letalone consume several 10s of G per month.
It's not like anyone has broken the law but there will always be people pay up out of fear. I think it's a real possibility here.
Cheers mate and coming from someone who understands this stuff that sort of reassures me I wasn't being over sensitive regards their response.
Similar Discussions (Automatically Generated)
