Kanna Knowledge 

Your Source For News and Commentary on Cannabis
for the Insurance Industry

Subscribe to our Newsletter Updates

The growing number of Cannabis businesses is top of mind when cybercriminals seek out their next victims. After all, many startup and less-established businesses haven’t deployed ample resources to guard against cybersecurity attacks, for reasons of not enough funds or not enough knowledge. While KRM can’t help with the former, we hope this issue will help with the latter — and make it clear that the time to focus on cybersecurity best practices is actually day one.

If a business fails to take precautions, cybercriminals are likely to exploit any weak links. Which can be extremely costly, often leading to the quick demise of what was originally a promising enterprise. Consider these incidents:

The Pennsylvania-based national seed-to-sale database MJ Freeway, now known as Akema, was targeted in a data breach that put the personal information of thousands of dispensary patients from across the U.S. at risk. The company had to spend over $200,000 to upgrade its enterprise capabilities and completely rewrite its software.

Earlier this year, THSuite, a point-of-sale system used by dispensaries, was breached— with the personal information of over 30,000 people posted on the dark web for weeks. Names, dates of birth, cannabis purchase history, and even photographs of scanned patient ID cards were being shared. The jury is still out on any potential HIPAA fines.

Even governmental bodies are not immune: sensitive data has been breached from both the Nevada Division of Public and Behavioral Health and the Washington State Liquor and Cannabis Board, revealing information on dispensary owners and medical cannabis patients.

Remember, too, that when breaches occur, the affected businesses must usually remain closed for what is often an extended period of time. While the cannabis industry once accounted for a relatively low percentage of the data breaches that are tracked by credit reporting company Experian, the number has jumped — and Experian has now highlighted cannabis websites as a prime target for cyberattacks.

So as the likelihood has gone up, so have the likely losses — and they can be crippling for smaller businesses. The National Cyber Security Alliance reports this statistic: “60 percent of businesses close within 6 months of a cyber attack.” And the latest study by IBM Security and the Ponemon Institute reports that data breaches cost companies $3.86 million per breach on average, with compromised employee accounts the most expensive root cause.