CARSON CITY, Nev. (KOLO) - The Nevada Division of Public Behavioral Health continues to investigate a cyber-attack on its Medical Marijuana Program database.
The portal is again available so patients and caregivers can use the online function to apply for initial or renewal medical marijuana registry cards Dispensaries may resume using the portal for patient verification and point of sale purposes.
The portal was taken down for repairs after the division was notified that it was vulnerable to a cybersecurity breach. All people whose personal information may have been impacted as a result of the breach have been notified by mail, according to health officials.
December 28, 2016, the Nevada State Medical Marijuana Program became aware that application information about people with medical marijuana agent cards, such as employees and owners of medical marijuana establishments, had been disclosed. The information includes social security numbers and dates of birth. The department says so far, private patient information is considered secure.
“The entire portal has been taken down,” said Cody Phinney, DPBH Administrator, at the time. “To prevent further breaches, the Division’s IT staff are working with state IT staff, investigating the breach. We appreciate everyone’s patience during this difficult time. As more information is known, the public will be notified.”
In addition to contacting the people involved, the division notified three major credit reporting agencies of this database breach: Equifax (800) 525-6285; Experian (888) 397-3742; and TransUnion (800) 680-7289. Agent cardholders are encouraged to report to these agencies that their individual information was compromised in this breach.