Cybersecurity is a topic that’s always on everyone’s mind, no matter the industry. In the field of cannabis, it has some added concerns due to the requirements of keeping track of cannabis buyer data in all states.
At stake is the profitability of the cannabis industry. Without proper data security practices, it’s likely going to stop more cannabis businesses from going forward due to HIPAA regulations and many complicated state laws.
The problem is, with so much data (including medical) being stored, it can end up being a hotbed for hackers. Many hacking attempts go after the cannabis industry because the data being stored from consumers and patients is so comprehensive.
Recently, a commonly used data tracking software (THSuites) became compromised, leading to hackers tapping into reams of personal info on cannabis buyers. Both damaging to the company’s reputation and the cannabis industry overall, this incident broached a wider discussion on what needs to be done to keep cannabis data as protected as possible.
Cannabis Businesses and the Regulatory Scrutiny They Face
Many cannabis industry professionals are facing headaches on how to manage all the data they collect. In the case of cannabis companies working with medical providers to offer medical marijuana, they’re usually forced to sign Business Associate Agreements. These are required through HIPAA for a cannabis business to share data with the medical community, or vice versa.
Because this puts cannabis manufacturers under more of a scrutinizing eye with HIPAA, it’s making them extra nervous. Managing this data is now like walking a tightrope since one breach could end up meaning a stiff fine or even shutting down the company.
All of this follows a long string of other cannabis industry data leaks in recent years. It’s happened in virtually every state that legalized cannabis on a medical or recreational basis.
Back in 2016, Nevada had one of the first major cannabis data breaches, affecting 11,000 people. The above tracking software breach compromised double the amount of customer information.
While data breaches can be devastating to businesses and customers in any industry, they are particularly problematic in an industry as closely monitored and regulated as the cannabis industry.
How Much Do These Data Breaches Cost the Cannabis Industry?
According to recent figures, data breaches are already costing businesses up to $3.92 million. This includes the cannabis industry now, proving how close to the precipice many of these industries are.
Regulatory fines could also cripple a cannabis business for up to two decades, ruining all possibility of profitability in an already competitive market.
Of course, most importantly, a data breach ruins all trust between the cannabis business and a customer. Many people are turning to cannabis manufacturers as a major source to help them manage pain or other illnesses. Knowing their data is possibly compromised could end up ruining this trust, particularly if doing online transactions due to COVID-19.
Not to mention the negative impacts this could have on individuals. Cannabis is still stigmatized. Employers may have policies prohibiting cannabis use. Individuals whose information was leaked in these data breaches may lose their jobs or face backlash for their cannabis use. They may also find themselves the target of personalized scams or phishing attempts as their personal information is exposed.
How to Increase Security
Because the cannabis industry is still fairly new, it’s still going to take some time to get them to step up to create passable fixes. As many security experts note, a good start is toward security awareness training programs. Simple measures like phishing scam awareness and using passwords is also a good step. Most of all, it comes down to network assessment and what tools could be utilized to prevent hacks, including medical information ending up on the dark web.
Here are some things you can do to prevent data breaches:
- Store data with high levels of encryption.
- Create complex passwords.
- Use two-factor authentication.
- Minimize the data you store, keeping only what you need.
- Restrict data access to only the employees who must have access.
- Secure computers with password protection and time-out settings after inactivity.
- Install and update security software.
Contact us at MaxQ Technologies, Inc. as we continue covering the latest issues facing the cannabis industry and provide tips to keep your business safe and compliant.