Slashdot Mirror
Hackers Corrupt Data For Cloud-Based Medical Marijuana System (bostonglobe.com)
Long-time Slashdot reader t0qer writes:
I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
" No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.
"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
" No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.
"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."
A gigantic target for hackers with every clients info in one place.
Great job.
You can only perjure yourself in a court of law, under oath.
You can be charged with lying to a federal officer. Not perjury, but still a problem if it happens to you.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Keep your systems updated, remove encryption standards that are out of date, close services and ports you don't need, don't use Windows, and if you must, don't give your users Administrator or root rights and if your software tells you otherwise, get different software.
Ok, you've eliminated maybe 10% of the attack vectors.
will result in a near zero chance of getting hacked
Oh, I see. You know nothing about security.
You WILL get hacked. Expect it, plan for it, invest in delaying it for as long as possible and minimising its impact when it does, but you will get hacked.