Data Breach at Medical Marijuana Firm

Data Breach at Medical Marijuana Firm

A Canadian medical marijuana dispensary was hit with a data breach, exposing healthcare information on 34,000 patients.

The breach occurred at Canada’s Natural Health Services (NHS) and their parent branch Sunnica Inc. NHS has seven locations across Canada: Windsor, Alberta, Saskatchewan, Manitoba, and Ontario. Specifically, the Windsor location was targeted in the attack.

Further, the breach hit the electronic medical record (EMR) system. EMRs contain patient charts, notes, diagnosis, and treatment information.

The attack took place over several weeks from December 4, 2018 to January 7, 2019. However, NHS only notified affected patients at the end of March.

NHS has commented on the breach saying:

“NHS identified that a number of records containing personal health information in the electronic medical record (EMR) system we use were accessed without the authorization of NHS physicians for purposes that may be unrelated to providing medical care”

The medical dispensary says that malicious actors did not access any financial, credit card, and social insurance numbers belonging to customers.

However, personal injury firm, Diamond and Diamond claims patient information was stolen. According to them diagnostic results, medical information, healthcare numbers, and personal identifying information, such as name, age, address was exposed in the breach.

Therefore, Diamond and Diamond has brought a class action lawsuit against NHS and Sunniva.

The Manager Partner at Diamond and Diamond Lawyers, Jeremy Diamond, stated on the lawsuit:

“What is more integral that the preservation of our health information?….All individuals that filled out these online forms could be affected by this egregious breach.”

Currently few details are available on the data breach. NHS is working alongside law enforcement and privacy protection authorities to investigate further into the breach. Further, they have set up a dedicated hotline for all patients to call for inquiries, at 1-888-297-0573.

NHS president Dr. Mark Kimmins told the Canadian press:

“We value our patients and understand the importance of protecting personal information and apologize to the patients whose personal information has been improperly accessed and for any frustration or inconvenience that this may cause. We are taking this situation very seriously and are taking the necessary steps to prevent a situation like this from happening again.”


Contact LIFARS immediately if you were hit with a data breach