Recently, the database of Ohio Medical Alliance LLC, also known as Ohio Marijuana Card, was found online without password protection or encryption. This means private patient information may have been exposed.
What happened
In August 2025, a cybersecurity researcher discovered that Ohio Marijuana Card's database was publicly accessible. It contained nearly 957,000 records, totaling 323 gigabytes of data. The files included identification documents, patient intake and release forms, medical and mental health records, Social Security numbers, and doctor certification forms. These records also revealed patient diagnoses and the reasons people sought medical marijuana treatment.
After the researcher reported the problem, access to the database was restricted. However, Ohio Marijuana Card has not publicly acknowledged the incident, and it is unclear how long the data was exposed or whether unauthorized individuals viewed the information.
Potential compensation
When sensitive personal information is exposed, criminals may use it for identity theft, financial fraud, or other crimes. Companies that fail to protect this information can be held responsible for the harm caused.
If you received a data breach notification letter from Ohio Marijuana Card, your personal information may have been part of the exposed records.
Source: Fox 2 Now
