Medical cannabis patient data exposed by unsecured database

https://www.wired.com/story/highly-sensitive-medical-cannabis-patient-data-exposed-by-unsecured-database/
32•hacker_yacker•2h ago

Comments

hacker_yacker•2h ago
Nearly a million records, which appear to be linked to a medical-cannabis-card company in Ohio, included Social Security numbers, government IDs, health conditions, and more.
shifty1•1h ago
https://archive.is/Mp0qt
sailfast•1h ago
So are people storing these things in a non-HIPAA-compliant way or is this mostly attributable to some other vector that would not have been helped by compliance?

What a terrible leak - med records and marijuana use, especially in some circles - could be very useful blackmail material. :/

nickff•33m ago
From some quick research, it seems unclear whether dispensaries are covered entities under HIPAA, as they are not reimbursed by Insurers, due to the federal illegality of the drug. https://mjbizdaily.com/do-medical-marijuana-companies-need-t...
adi4213•27m ago
I think there are even more basic table stakes that were missed here well prior to conducting any manner of formal compliance auditing - like unauthenticated users accessing this database!
cpursley•1h ago
Mongo?
riffic•1h ago
my neighborhood weed guy would never betray my trust in this way.
yieldcrv•58m ago
free bank accounts for money laundering

(new account online, new coinbase account online, stuff new account with cash, transfer to coinbase, transfer onchain, swap to monero, wait, access all with new mac address, new wifi, new browser session, or Tor if the services allow)

daily reminder that KYC is a joke, the institutions and enforcement agencies that think it works, don’t know when it’s not working as long as a real id and ssn and address is used

0cf8612b2e1e•58m ago

  Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to Website Planet about an unencrypted and non-password-protected database that contained 957,434 records. The database belongs to an Ohio-based organization that helps individuals obtain physician‑certified medical marijuana cards. The database held PII, drivers licenses, medical records, documents containing SSNs, and other internal potentially sensitive information.
So, the absolute bare minimum was not followed. Just wide open database containing medical information.
firefax•39m ago
More evidence cannabis needs to be recreational. We can let people use their FSA money for it and/or give a steep discount to people who "really" need it, like cancer patients... but I think a lot of people who bounce between

Anyways, there are a LOT of little fly-by-night outfits that "help" you get a medical card in many states. It's a joke, and all it does is empower the same type of person who used to be a pill doctor to rent seek, and it's not at all a surprise one had poor data practices.
