Hackers Corrupt Data For Cloud-Based Medical Marijuana System

Long-time Slashdot reader t0qer writes: I'm the IT director at a medical marijuana dispensary. Last week the point of sales system we were using was hacked... What scares me about this breach is, I have about 30,000 patients in my database alone. If this company has 1,000 more customers like me, even half of that is still 15 million people on a list of people that "Smoke pot"...
" No patient, consumer, or client data was ever extracted or viewed," the company's data directory has said. "The forensic analysis proves that. The data was encrypted -- so it couldn't have been viewed -- and it was never extracted, so nobody has it and could attempt decryption." They're saying it was a "targeted" attack meant to corrupt the data rather than retrieve it, and they're "reconstructing historical data" from backups, though their web site adds that their backup sites were also targeted.

"In response to this attack, all client sites have been migrated to a new, more secure environment," the company's CEO announced on YouTube Saturday, adding that "Keeping our client's data secure has always been our top priority." Last week one industry publication had reported that the outage "has sent 1,000 marijuana retailers in 23 states scrambling to handle everything from sales and inventory management to regulatory compliance issues."

CEO is shown lying by his company's own actions

[bagofbeans]

So we have:

Keeping our client's data secure has always been our top priority

then

all client sites have been migrated to a new, more secure environment

If the first was true, the second wasn't necessary.

Re:CEO is shown lying by his company's own actions

[guruevi]

You must have an MBA. Today's security is a continuous process and most if not all security procedures will last longer than a few years and will result in a near zero chance of getting hacked. This is a medical marijuana dispensary, not even a hospital or credit card company, the reason they got hacked is because they lacked the skills or didn't want to spend the money necessary to secure themselves.

Keep your systems updated, remove encryption standards that are out of date, close services and ports you don't need, don't use Windows, and if you must, don't give your users Administrator or root rights and if your software tells you otherwise, get different software.

But most business owners don't care until it's too late, if you ever worked with Micros Point of Sale systems or anything from any 'top 5' vendors for anything, you'll see that security doesn't matter to them. Walk into any bar or restaurant, a few days later go back and you can 'steal' 100s of credit cards and yes, they are connected to the Internet secured with nothing but a 10 year old Netgear router.