Local News


UPDATE: Nevada medical marijuana patients concerned after breach

Posted at 5:34 PM, Dec 28, 2016
and last updated 2017-01-21 03:38:14-05

LATEST JAN. 20: The portal site for Nevada's medical marijuana program is back online after being offline for more than 3 weeks following a cyber-attack.

The site is again accepting new patient applications and renewals. While initially the state said only dispensary employees' information was revealed, thousands of patients' information may have been leaked.

Patients like Anne-Marie Zappola are worried.

"I've never felt that exposed before," Zappola says. "There's a lot of personal information on there. I’m worried who has this information and what are they going to do with it?"
Zappola says the state only told her, by letter, just a few days ago. "It was very disconcerting."
The shut down forced medical marijuana dispensaries to register patients by hand.
"Sometimes it is a bit of a hassle to have to fill out additional paperwork," says Deuvall Dorsey, another patient. 
Dorsey says cyber-attacks a part of our new landscape where so much of our personal information is online.
"Every system is vulnerable to attack. So I think this is something that comes with the territory."
Zappola wonders how did this happen in the first place?
"I’m actually upset that they weren't better prepared with the security." 


The Division of Public Behavioral Health has been investigating a cyber-attack on its Medical Marijuana Program database.  

On Wednesday, the Nevada State Medical Marijuana Program became aware that application information about individuals with medical marijuana agent cards, such as employees and owners of medical marijuana establishments, has been disclosed. The information includes social security numbers and dates of birth. At this time, private patient information is considered to be secure.
“The entire portal has been taken down,” said Cody Phinney, Division of Public Behavioral Health administrator, in a statement. “To prevent further breaches, the Division’s IT staff are working with state IT staff, investigating the breach. We appreciate everyone’s patience during this difficult time. As more information is known, the public will be notified.”
In addition to contacting the individuals involved, the Division is notifying three major credit reporting agencies of this database breach: Equifax (800) 525-6285, Experian (888) 397-3742 and TransUnion (800) 680-7289. Agent cardholders are encouraged to report to these agencies that their individual information was compromised in this breach.
The incident has been referred to law enforcement agencies for further investigation.