Strauss Borrelli PLLC, a leading data breach law firm, is investigating Ohio Medical Alliance LLC d/b/a Ohio Marijuana Card regarding its recent data security incident. The Ohio Marijuana Card cybersecurity incident may impact the privacy of sensitive personal information belonging to an undetermined number of individuals.
ABOUT OHIO MEDICAL ALLIANCE LLC D/B/A OHIO MARIJUANA CARD:
Ohio Marijuana Card is a medical marijuana recommendation provider based in Ohio. Having helped 34,000 patients nationwide, the team at Ohio Marijuana Card is made up of medical marijuana doctors and patient support counselors.2 Headquartered in Broadview Heights, Ohio, Ohio Marijuana Card has additional locations in Dublin, North Ridgeview, Toledo, Woodmere, Akron, Vandalia, Painesville, and Cincinnati, Ohio, and has similarly named clinics in Arkansas, Kentucky, Louisiana, Virginia, and West Virginia.3
WHAT HAPPENED?
Recently, it was reported by an online source that Ohio Medical Alliance LLC had experienced a cybersecurity incident impacting the privacy of its data. According to this source, a cybersecurity researcher discovered an unencrypted and non-password-protected database that contained thousands of records belonging to Ohio Marijuana Card.1 The exposed database contained 957,434 records with a total size of 323 GB.1 In a limited sampling of the exposed documents, the researcher saw documents that included high-resolution images of driver’s licenses or identification documents that contained names, physical addresses, DOB, and license numbers. There were also folders labeled with the first and last names of the patients and contained intake forms, medical records, release forms, physician certification forms with SSNs, mental health evaluations, and identification documents from multiple states.1 These medical documents indicated the patients’ diagnosis and the reason they were seeking to be prescribed medical marijuana.1
According to the source, after discovering the database, the researcher notified Ohio Marijuana Card of the exposure. Ohio Marijuana Card did not issue a reply, but the database was restricted from public access the following day and no longer accessible.1 Although the records appeared to belong to Ohio Marijuana Card, it is not known if the database was owned and managed directly by them or by a third-party contractor.1 At this time, it is not known how long these documents were exposed to the public or if anyone else may have accessed the database.1 As of August 20, 2025, Ohio Marijuana Card has not publicly acknowledged the data exposure or confirmed whether the incident resulted in a data breach.
If you believe that you have been impacted by the Ohio Medical Alliance LLC d/b/a Ohio Marijuana Card:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
