The Blueprint

scors - Copy

Applicant scorecards contain peculiar correlations when examining the Last Two Digits (32.73 would be a Last Two Digit combination of 73)

Irregularities among the Last Two Digits, such as the strange correlations that occur across almost all scores on an applicant’s scorecard, should be inspected further by demanding that the Department of Health release their scoring methodology per section.

See for yourself by downloading the spreadsheet.



MJ Freeway’s Lack Of Security Competence Spells Trouble For PA’s Confidential Patient and Business Data

Call it a hack. Call it an attack. Call it a breach. MJ Freeway is running out of spin these days


In case you aren’t familiar, MJ Freeway was selected by the PA Department of Health to exclusively provide “seed-to-sale” software for the Medical Marijuana Program.

This new breed of software is typically required by state governments in order to keep the feds from storming dispensaries in states that have legalized marijuana. Basically, MJ Freeway’s software allows the state to monitor where the marijuana is, who is buying it, how much, etc. You know, because it might get on the streets.


MJ Freeway also provides ERP-type software for marijuana businesses, though no one uses it. Not a soul.

In any case, MJ Freeway’s systems have been penetrated twice this year. The first one you can read about in one of our earlier posts. We essentially wondered why our state officials would choose a software vendor that was hacked during the bidding process, and chalked it up to an insane connection between MJ Freeways investors and marijuana lobbyists.


The latest gaffe takes a much more serious turn. Aaron Biros from Cannabis Industry Journal was one of few to report this month that MJ Freeway had been “compromised” yet again.

Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on, and portions of the source code were posted, but have since been taken down.

Of course, MJ Freeway was quick to respond with all the right answers:

“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.

Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.”

To be clear, we don’t believe they have ever referred a case to the CBI (which we will gladly retract in the event that they reveal the results of the last investigation) Alas, due to the sheer volume of emails we’ve received on this matter, we figured that it was time to drop some knowledge on ya. They lyin.

We have now received multiple confirmations that unscrupulous actors are indeed selling real patient and business data that was extracted from dispensaries operating in Nevada, where MJ Freeway also holds a state software contract. Dispensaries are reportedly receiving emails like this:

for sale: customers tables

greetings we have great offer for you! thanks to site for post all code, we have obtain all data. you will find 2000 records of sample attached for your pleasure and trust. In total there is 56 thousands patient customers records to be paid for by you. we also has all records from sql table other than customers — strains, sales, plants, batches, areas and many more to list.

we think customers most value as u will grow you’re customers faster by reach out to already customers at other places. as you see also, we work with other group to add more better data. they help us clean, make data pretty and add more datas that are important. also….if u want user passwords to site……we have this too and if u want this we wont tell..we promise 🙂 🙂 🙂

all datas freshly download today 26.06.2017.

if u are interest plz write back and we work together for deal. we accept only bitcoin!!

Hearsay? Tell that to Brian Staffa, who’s had a firsthand look at the “records of sample”:

I have vetted the comment, and have seen the 2000 patient “sample list” and unfortunately it’s all very real.

Surely our state officials won’t stand behind THIS decision, right?




PA Dispensary Application Scorecards In Spreadsheet Format


PA just announced the Dispensary Permit winners, and here’s the results tabulated in google sheets for download. Or you can just copy and paste it into excel.

First impression – looks like a lot of applicants were rejected prior to scoring (see tab “NotScored”)


How Pennsylvania Gamed The Medical Marijuana Permitting Process – Part I

There’s Something Rotten in the City of Harrisburg

We need some number crunchers to look through the score cards, as they appear to be phony or altered. Here is a link to the scores in a spreadsheet:

Red Flag #1

Section 21 – Quality Control and Testing For Potential Contamination from the Grower/Processor Application, is a single yes or no checkbox:

QCThat’s literally the whole section. It is worth 50 points.

Just so that we are clear, the Department verified this point of confusion in their Question & Answer documents:


Given a question with only two possible answers, one would expect to see something like this as a result:


Instead, the scores for this category are somehow a range of 2 point decimal figures, and the highest scores show a strong correlation with the highest TOTAL scores, mostly the permit winners (sorted by High to Low by Quality Control Score):


Seem fishy? That’s why we need your help. Dig into that spreadsheet and expose this sham!





Winning Permit Applications For PA MMJ Growers Released [Transparency Overload]

For your convenience, here’s a summary of all 12 permit applications:


Love the fully redacted docs being released in the name of transparency! You can’t make this up.


Here are the applications that have been released:

GP-1005-17 (Prime Wellness, Berks County)

GP-1017-17 (Franklin Labs, Berks County)

GP-2018-17 (Pennsylvania Medical Solutions, Lackawanna County)

GP-2020-17 (Standard Farms, Luzerne County)

GP-3010-17 (Ilera Healthcare, Fulton County)

GP-3023-17 (AES Compassionate Care, Franklin County)

GP-4002-17 (Terrapin Investment Fund 1, Clinton County)

GP-4006-17 (GTI Pennsylvania, Montour County)

GP-5012-17 (AGRiMED Industries, Greene County)

GP-5016-17 (PurePenn, Allegheny County)

GP-6009-17 (Holistic Farms, Lawrence County)

GP-6012-17 (Cresco Yeltrah, Jefferson County)

More @Pennlive







BREAKING: PA Medical Marijuana Grower/Processor Permits Will Be Announced Tomorrow (6/20)!

Confirmed by Sacks Weston and Diamond here

Tuesday 20 June  at 1pm, John Collins, the Director of the Office of Medical Marijuana, will hold a press briefing to announce the recipients of the first twelve permits to grow and process medical marijuana in Pennsylvania, and provide additional information about implementation progress to date. Attendance will be limited to those with press credentials, but a live stream of the event will be available at