Salvaging Security: MJ Freeway Struggles To Recover From Data Breach

Understanding the MJ Freeway attack is the key to avoiding future attacks, protecting privacy, and safeguarding public health

MJ Freeway Breach

Cyberattacks are always dangerous, and when they affect the medical industry, they severely compromise public health and confidentiality. The recent attack on MJ Freeway demonstrates just how sensitive medical data is, reinforcing the need for effective data storage and security:

Attack Analysis

MJ Freeway is a Colorado-based tracking software company that caters to medical marijuana dispensaries across the United States. On 8 January 2016, the company suffered a severe hack, losing records from more than a thousand of their clients in 23 different states. Such an attack would severely disrupt any business but has been particularly damaging for cannabis dispensaries, as state regulations require them to provide clear records of all sales and inventory changes. Though some affected clients were able to continue business using traditional tracking methods, many had to shut down, depriving their customers of treatment.

In addition to short-term market disruption, the attack also may have compromised the privacy of millions of medical marijuana patients. Because of the negative perceptions associated with cannabis, many medical marijuana users do not reveal their treatments in public. If the attackers stole patient information, they could publicize it at any time. MJ Freeway insists that its client data is encrypted, but many clients are unconvinced, pointing out that the attackers could have stolen the encryption codes. If this is true, the attackers could continue to do damage for months or years in the future.

Future Fixes

Whatever ultimately results from the MJ Freeway attack, it serves as a wake-up call for all businesses that handle sensitive information. To minimize your firm’s risk and keep clients’ data safe, remember to:

  • Rely On Redundancy– It’s essential to backup vital information in a separate system that is isolated from your primary storage, but can be easily accessed when it is needed. This will allow you to quickly restore service after an attack, minimizing the length and cost of disruption.
  • Decrypt Diligently– The information needed to decrypt sensitive data should always be kept separate from the encrypted data itself. This way, even if an attacker is able to steal your data, you can be confident that they will not be able to read any of it.
  • Modernize Methodically– Hackers are constantly developing new, more efficient ways to attack you. Old security measures thus quickly become obsolete, requiring you to install new software. Whenever an update is available for your operating system, make it, especially if it relates directly to security.
  • Streamline Security– Cybersecurity methods are most useful if you develop a single, consistent policy for all your employees. Set clear rules for the activities employees can perform on company devices or over the office WiFi, and vigorously enforce them. This prevents individual carelessness from compromising your security.

Don’t leave your Chicago, IL and Southern California company vulnerable to cyberattacks. Contact OffSite IT today at (866) 828--6674 or for effective, affordable security solutions.


I first hired John directly as an employee back in 1999.
He was an excellent addition to a growing team at a small technology company. Subsequent to the sale of the company, John branched out on his own and started an IT consulting firm. Since that time, I have not used anyone else. John is capable, personable, has integrity and is also very likable. I would recommend him without reservation.”

  Kevin DiCerbo   

Connect With OffSite IT

    • Los Angeles / Orange County 21520 Yorba Linda Blvd. Suite G417 Yorba Linda, CA 92887
    • Chicago 6912 Main Street Suite 214 Downers Grove, IL 60516
    • 1-866-828_-6674