Published: Fri, December 30, 2016
Local | By Adrian Hale

15k patients' info shared on social media from NH Hospital data breach

15k patients' info shared on social media from NH Hospital data breach

Jeffrey Meyers, commissioner of the state's Department of Health and Human Services (DHHS), said the patient used a computer in the New Hampshire Hospital's library in October 2015 to illegally access the personal data of 15,000 individuals who had received services from the department.

While DHHS emphasized that there have been no reports of credit card fraud or identity theft, New Hampshire Gov. Maggie Hassan (D) released a statement stressing that the incident "is being treated with the utmost seriousness by all relevant state agencies". On Nov. 4, hospital security notified authorities that the individual had posted confidential information online.

The New Hampshire breach comes as health care information has become more valuable to hackers: Health care-record hacking rose 11,000 percent a year ago alone, affecting roughly one in three Americans, NBC News reported. Personal information such as birth dates, addresses, Social Security numbers, Medicaid identification numbers and medical services record. While the staff member notified a supervisor, who took steps to restrict access to the library computers, the incident was not reported to management at New Hampshire Hospital or DHHS.

In August, security officials observed that the former patient was posting data on social media.

The Hassan administration waited 53 days to tell 15,000 Granite Staters that their Social Security and Medicaid numbers had been made public, just a week before Hassan quits to take her Senate seat. This was reported to the Department of Information Technology, the State Police and other state officials.

Dennis, who is on state insurance, said her fear is what someone could do if they have her information.

"With the assistance of law enforcement, the information was removed from social media within 24 hours and a criminal investigation is ongoing".

The Department of Health and Human Services has retained cybersecurity experts from Deloitte to assist in its investigation of the breach and develop an action plan to avoid future incidents, spokesman Jake Leon said. There's no evidence the private information was misused.

Just a week before her office was made aware of the breach, Hassan issued an executive order to form a cybersecurity task force created to tighten safeguards on state systems.

Like this: