A UK medical cannabis clinic is carrying out investigations after a substantial amount of patients’ information was leaked in a major data breach.
In an email sent to patients on Monday 18 August, CB1 Medical confirmed it had identified a ‘data security incident’ when patients’ personal details, including prescription information, were found on a file hosting website.
The leak included contact details, dates of birth and in some cases, prescription information covering a six-month period, as well as the details of the prescribing doctor.
CB1 Medical says it took ‘immediate steps’ to secure the removal of the information from the hosting website and has commenced an investigation.
The breach is not thought to be the result of a cyber attack and there is ‘no evidence of wider sharing or misuse’. The information did not include addresses, financial information, ID documents, passwords or medical histories.
According to MedBud UK, an independent data hub for the medical cannabis sector, patients were first made aware of an issue via a Reddit post by an individual who said they had been alerted to his details being compromised by Google.
Reporting the incident on X, the organisation said the leak included a 2,600-page document and had been informed that it could include data from over 4,000 patients. CB1 Medical said it would not comment on the numbers involved while investigations were ongoing.
Dozens of patients have taken to social media to express their concern after receiving the email, including some who say they are not currently under the care of CB1 Medical.
The independent patient advocacy service, CannCare, which is currently supporting patients affected by the data breach, has urged vigilance over the coming weeks and has shared advice to help people protect themselves from potential scams.
“We understand that incidents like this can trigger real anxiety, especially when health and privacy are involved,” the organisation said in a statement.
“Even without medical records or financial information, details such as names, contact information order history and clinician names can be used to craft convincing scams. Over the next few weeks, stay alert messages that may reference prescriptions, recent orders or a clinician by name. Treat any unexpected emails, texts or calls with caution, especially those that are asking you for personal information or urging quick action.”
The organisation has also appealed to the wider community to “avoid speculation”, adding that some answers “must come from the organisation responsible”.
“CannCare is doing everything in its power to support patients by providing clear guidance, helping with confirmation correct requests where appropriate, and signposting to practical steps to help protect yourself,” it stated.
“We ask the community to help by avoiding speculation. In situations like this, it is vital that facts, not accusations or rumours are shared. Speculation can harm patients, obscure the truth and slow real solutions.”
CB1 ‘deeply sorry’ for concern caused
Anabel Sharma, Chief Operating Officer for CB1 Medical told Cannabis Health, the clinic is “deeply sorry” for the concern caused by the incident and that protecting patient privacy “remains paramount”.
“We have identified a data security incident, which, regrettably, involved some of the personal details of patients – all of whom have been written to directly by our team. We have written to affected patients to confirm that their data was affected and provide details of how to contact us if they have any further questions.”
The information is understood to relate to an old data export and not its live systems. Sharma added that while it outsources some of its patient administrations services to third parties, she reiterated that all its operations are conducted “in accordance with UK law”.
“We are deeply sorry for the concern this may have caused and will continue to deal directly with patients to address any additional concerns,” she continued.
“Protecting patient privacy remains paramount, and as a clinician-led specialist team, we are committed to delivering the highest standards of patient care and treatment. Some elements of our patient service administration are carried out by third parties, but all our operations are conducted in accordance with UK law. The breach has been reported to the ICO, and investigations are ongoing. As such, it would not be appropriate to comment further at this time.”
Script Assist, a technology provider used by CB1 Medical confirmed it was “not involved” in the incident.
A representative said: “As always, information from our platform is only ever securely delivered to authorised users under strict access controls and protected to the highest international standards.”
The post UK Cannabis Clinic Investigating As Patients Affected By Major Data Breach appeared first on Cannabis Health News.
Continue reading...
