
Clinics ⚠️ CB1 Medical: Patient/Clinic Data Breach

Cheers mate and coming from someone who understands this stuff that sort of reassures me I wasn't being over sensitive regards their response. 🙏
If anything you're holding back imo.

They've tried to play it down, no mention of the fact anyone on planet earth has ability to buy your data on the fucking clear net FFS.

For reference, I work in a tech space where we use clearnet crawling services to look for any mention of our various web platforms and any inclination of a username/password.

On the daily I am removing accounts from our platforms that have been flagged as leaked but they're flagged in almost real time so anything that does get leaked doesn't stay leaked for more than a day at most.

I do not work with any kind of patient sensitive data, nor any kind of customer data that could lead to anything affecting individual people but we still have measures like this.

For a tech company we're quite shit with opsec but even we still operate some bare minimums to be proactive in protecting data.

I would expect every single health care service in the UK to have similar if not more protective measures in place and that's before we even get to the actual email they've sent.

The lack of honesty and transparency is very clear here and incredibly alarming.

They need to be honest about how it happened, why it happened, what went wrong, what they're going to do to make sure it doesn't happen and what they're going to do to protect the damage of this existing leak.

If they don't address any and all of this then it shows a lack of care and transparency which in a medical space are arguably the 2 most fundamental things.

I tend to always fall on the side of caution and my skepticism is turned up to 10 with things like this. As I think it should be.

Honestly, I would be on the phone to them requesting a discharge and submitting formal complaints to any relevant body. Less so for the leak, more so for the inability to discover it after 10 weeks and them being told about it, not discovering it.

I don't think there's anything to be done legally unless your data gets misused and that's probably unlikely in this instance. However, I think this is morphing into an issue of incompetence across the entire board.

Everyone should focus on the fact it was available on the CLEAR NET! for 10 weeks!!!

Forget the specifics of the leak, it's beyond unforgivable that a time frame like that can even exist.
 
Clinic switch in-progress !
 
I'm waiting for Medicann to give me a bell back btw mate. Little fuckers didn't want to chat to me earlier lol.
I've tried phoning but I would imagine like a number of others they'll be somewhat busy this morning! I've completed the application and sent it so let's now wait and see..
 
For anyone still on the fence about how stupid this all is think of it like this.

Down the road from where you live there's a nice big farm, that farmer has 100 sheep that he looks after on a daily basis.

One day, all the sheep escape the field. This sucks but kind of expected to happen from time to time given the nature of farms.

However, the farmer who looks after them daily doesn't notice they're no longer in the field. In fact 10 weeks go by and he's still none the wiser that the sheep have absconded.

In those 10 days the sheep cause havoc around your local town. They've broken into gardens, caused traffic issues, occasionally caused a crash. Some have even found their way to France.

Is this farmer good at his job and would you trust them with your sheep?

Sheep do escape quite often, so this should be forgiven right? Well no. Because the problem isn't the sheep escaping. The problem is the farmer didn't have a fucking clue that they had even escaped.

If you think the farmer is incompetent and needs to be replaced, well I think you've probably figured out how you feel about CB1 Medical.
 
It's happening everywhere in every type of business you can think of and for various reasons, no one is safe unfortunately as there have been infiltrations even in Google Chrome and the likes, I've been following it all for a while.
 
Absolutely furious that the data was available for 10 fucking weeks and was spotted not even by them. We have a saying: cheap man pays twice, but I was happy with them and thought they really cared about clientele protection and all that shit, but here we are. SMH.
 
It's happening everywhere in every type of business you can think of and for various reasons, no one is safe unfortunately as there have been infiltrations even in Google Chrome and the likes, I've been following it all for a while.
That is true, but most systems have internal flags for foreign activity to highlight something is wrong.

I keep banging on about this point but if it wasn't for one particular patient all of your data would still be available for purchase and CB1 Medical wouldn't have a clue about it.

That is what I find alarming, not that their pants were pulled down, it's that they carried on walking until someone pointed it out to them.

I really do feel for all of you guys who are patients there. This is not nice for anyone.
 
CB1 Medical shuts down in the next day or so for a complete overhaul of their systems. Phone lines and online will be shut down.
" from Friday 22nd August at 5:00pm until Tuesday 26th August at 9:00am due to scheduled maintenance and the August bank holiday weekend.

During this time:

Our systems (including the CB1 app) will be offline

No consultations or prescriptions will be processed

We won’t be responding to emails or phone calls"

From their email 4 days ago ...
 
Okay so this was not a hack or data breach, which implies a bad actor i.e. member of staff leaked the old pdf export.
This is not as bad as M&S or the COOP or Boots or the Labour Party breaches. I am in a class action against Labour over that.
So I'm letting go, any bad actor in any clinic could do this.
Staying with CB1 Medical as was not hacked.
 
Okay so this was not a hack or data breach, which implies a bad actor i.e. member of staff leaked the old pdf export.
This is not as bad as M&S or the COOP or Boots or the Labour Party breaches. I am in a class action against Labour over that.
So I'm letting go, any bad actor in any clinic could do this.
Staying with CB1 Medical as was not hacked.
You have good knowledge about this sort of thing mate, I take your word 💯
 