top of page

Data Breaches Creating Major Problems For Cannabis Business Owners

As a cannabis business owner you may ask yourself why data security is important and what’s the real risk? The reason data security is so important is directly tied to the risk of associated with a data breach, which is money. A data breach for a cannabis company can have costly financial and legal consequences. Data is an asset that must be protected. Loss of clients/customers private information can lead to fines, lost sales, judgement, damages or more. Often, the financial impact is not immediately known depending on how soon the breach is discovered. Many companies only discover the breach once the damage is done.

For cannabis related businesses, a data breach could have an even greater impact if the business is considered a health care provider. If you are a cannabis dispensary or testing lab in a state where marijuana is only legal for medicinal use, those businesses may be under greater scrutiny and subject to greater regulations when it comes to a data breach. These business will have personal information such as home addresses and phone numbers, but also medical information. Patients’ medical history could be used to blackmail them if they don’t want their medical history publicized, making the information specifically valuable. Specific provisions of the HIPAA Act protect health care information from fraud and abuse, and when violated carry heavy penalties.

Providers continue to struggle with cyber-security, and phishing expeditions are a frequent culprit. They can result in a painful hit to a company’s bottom line and negative publicity exacerbated by lawsuits. Healthcare organizations spend more than $400 per record lost or stolen after a data breach, the highest of any industry reviewed in a recent analysis by IBM Security.
A study by Accenture and the American Medical Association found four out of five doctors have experienced a cybersecurity attack. The majority involved phishing, followed by computer viruses.
In a Mimecast and HIMSS Analytics survey, providers ranked email the No. 1 source of potential data breaches. More than 90% of respondents said email was critical to their organization, and eight in 10 said they use it to send personal health information, typically to other providers.

Financial loss and regulatory fines are key reasons to protect your company against a data breach, however, there is also the issue of loss productivity. Employees will in most instances be required to deal with customer issues and concerns once the breach is made public. Data loss can also result in certain programs and applications not working properly or not working at all. Certain security features may be disabled and require specialists to update and re-secure the network.

The reality is even the best data security systems are vulnerable. While it is very important to have a strong data security system in place, S2S Insurance Specialists strongly suggests incorporating Data Breach Insurance as part of your policy, especially if you maintain patient records. Cyber Defense & Data Breach Insurance protects business owners from legal liability, whether the information is leaked electronically or by some other means such as a paper file. Your policy will cover legal expenses and regulatory fines.


With the rise of data breaches and cyber crimes, having a strong data security system in place, combined with Cyber Defense & Data Breach Insurance, is critical to protect your business. To learn more about how we can protect you and your business from cyber crimes, contact Eric Rahn at or schedule a free 15-minute consultation by clicking here.


bottom of page