Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database belonging to Ohio Medical Alliance (aka Ohio Marijuana Card), exposing 957,434 records totaling 323GB online without encryption or password protection.
The leaked files included sensitive patient data such as names, birthdates, addresses, Social Security numbers, and medical documents like evaluations and certifications. A CSV file labeled “staff comments” revealed internal communications and over 210,000 email addresses tied to patients, staff, and partners.
Fowler reported the breach to Website Planet and issued a disclosure notice to the company. The database was secured the next day, though no response was received, and it’s unclear how long the data was exposed or if it was accessed by others.
Experts warn the exposed data poses serious risks, including identity theft and medical fraud highlighting the critical need for strict data protection in healthcare.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
