The Untapped Vertical
With the cannabis industry growing rapidly in the United States, and more states legalizing marijuana, this sector of business is one that can be explored as a vertical by MSPs to uncover the cybersecurity needs within.
The profitable nature of this business means that they are growing exponentially not only as single proprietary units, but as an industry altogether, and with that type of growth comes a lot additional opportunity, but also a lot of data that needs to be protected. Not only does the data that they use contain personally identifiable information (PII) for each individual, due to the nature of the industry and the requirement to have a prescription to purchase, it also contains medical information.
That sensitive medical data was part of information recently exposed from customers of THSuites, which makes management and point of sale software that is used by these dispensaries. Customers’ full names, birthdates, contact information, and purchase history were only some of the records that were compromised. With the transactional information came purchase dates and amounts spent by the individual. According to vpnMentor, a cybersecurity firm, the 85,000 records that were exposed were insecure and available to anyone on the internet who knew how to find them. At this time, it is unknown if the unsecured data was exploited by hackers on the dark web, but since it did also contain medical marijuana patient names and medical ID numbers, it would likely be considered valuable.
So Many Unknowns
With the cannabis industry being in its infancy, the policies and procedures that surround it are also in their infancy. Usage remains under federal law and is therefore considered illegal, so exposure can be detrimental to an individual’s professional reputation as well as having their personal identity stolen. With state regulation laws on the rise and the likelihood of these businesses being subject to HIPAA at one point in the future, there is an opportunity for MSPs to assist these potential clients in getting ahead of the curve.
Not only is providing a cybersecurity program a necessary solution – it would seem that this aspect is terribly overlooked, but also integrating a HIPAA compliance program would put them in a well-protected advantage ahead of any other dispensary not considering all of the risks that are out there.
As an MSP you can educate and protect these clients as you become their trusted advisor in an area that they are forgetting about as their business booms. Don’t let this opportunity go by to become a forerunner in this untapped vertical.