Press
Let’s see who ordered cannabis in the neighborhood? This was possible due to a data leak from an online prescription service. An authority has been alerted.
Since April 1st, ordering cannabis online has become easier. Several providers offer medical grass on prescription via a type of online pharmacy. One of them has now suffered a major data breach. Hundreds of recipes were freely available on the Internet.
Data leak at “Dr. Ansay”: Hundreds of recipes available on the Internet
The data comes from the telemedicine platform “Prescription Service Dr. Ansay”. Patient prescriptions could be freely viewed in PDF format on this site. The data leak became public on May 14th. After a few hours the site was blocked. The recipes themselves could no longer be accessed – but several sensitive data could; namely via the preview mode of the search engine. This includes name, address, date of birth and partial information about the cannabis ordered. No other health data was affected.
IPPEN.MEDIA was able to talk to several patients. They confirmed the authenticity of the respective recipes and were very surprised about the disclosure of their data. Some of them want to contact the data protection authority and consider taking legal action.
By the Pentecost weekend, 27 people had contacted the state data protection office Hamburg skillful. Because a Hamburg address is listed in the imprint of “dransay.com”, the authority is responsible. She expects more advertisements in the coming days. “We take the incident very seriously, as large quantities of highly sensitive health data were freely available on the Internet,” said a spokeswoman when asked.
Can Ansay: The model with the cannabis recipes
The operator of the site is the Hamburg entrepreneur Can Ansay. His platform has been around for several years. Ansay was open during the corona pandemic Covid test certificates set (see video). You could have test certificates issued via the website. The model went through his mother, the doctor Eva Maria Ansay. Abuse seemed inevitable; she lost her license to practice medicine because of violations of professional law.
Son Can Ansay, actually a lawyer and not a doctor, has further developed his site and specialized in cannabis recipes. Those affected see him as a provider who easily issues prescriptions – which is why he is quite popular with consumers. The model is advertised on social media. As a rule, you don’t need to speak to a doctor with Ansay. According to information from IPPEN.MEDIA Filling out a questionnaire is enough to get cannabis. So it makes sense that private consumers also stock up on weed. When asked, the Association of German Cannabis Patients speaks of a “lot of pseudo-patients”.
It is not clear whether and how this information is checked. Ansay defends this course when asked: “Patients want their cannabis on prescription easily, quickly and cheaply.” He even praised his offer, saying the service was by far the best in Germany. “Simply select flowers and answer the questionnaire within five minutes.” For patients, a consultation with a doctor “increases the time required, the waiting time and the medical costs many times over,” explains Ansay. “That’s why only a few people choose our optional, guaranteed doctor’s consultation with a cannabis expert.”
Confusion about Ansay statement: “Low level of security” on the website?
Back to the data leak: Ansay initially saw the causes of the breakdown in a “low level of security”. At least that’s what he explained in a statement on his website, which has since been deleted. The statement went on to say that the data leak was caused by an ex-employee. This employee and his partner also “posted instructions on how to access the data using several fake accounts” on the Internet. Ansay separated from this employee. Overall, “data from up to approx. 20% of the prescriptions issued to date” were affected by the data breach. Ansay left questions about this employee unanswered, but said: “With my statement, I wanted to immediately and openly inform all concerned patients about the current status of the data leak at the time.”
All of this information can no longer be found in a current statement. Instead of a “low level of security” there is talk of being a “victim of a data leak” “despite our precautionary measures”. It goes on to say: “As soon as we became aware of it, we ensured that our servers were no longer accessible from outside and that no personal data could be accessed.”
Angry letter to Microsoft: “Delete immediately, otherwise you will face criminal charges”
In fact, Ansay made efforts in this regard, although initially not successfully. He contacted the relevant browser providers on May 14th. A letter to Microsoft states: “You are unlawfully publishing patient data! Delete immediately, otherwise you risk criminal charges!”. The writing lies IPPEN.MEDIA before. However, it took a few days for Microsoft – and its search engine Bing – to delete the data. There has been no patient information since May 17th.
The letter continues: “You obtained, stored and published the data unlawfully.” Ansay also repeats this to our editorial team: “Microsoft’s search engine Bing had the patient data despite my immediate request on May 14th. and therefore not deleted illegally.” Ansay says: “It is shocking how illegally Big Tech companies act because of their market power and no one reports about it.”
However, it is questionable whether Microsoft can be held responsible for publishing the data. Internet browsers crawl, i.e. search, the Internet for content, which they then make available in their search results. As a rule, they only rely on freely available content. The error seems to have been, directly or indirectly, with Ansay itself.
#Hundreds #recipes #sensitive #data #Internet