A former patient at Concord-based New Hampshire Hospital, a state psychiatric facility, accessed personal files of up to 15,000 Department of Health and Human Services (HHS) clients while working at a public computer in the organization’s library in 2015.
According to a New Hampshire Union Leader report, the breached data included names, addresses, social security numbers and Medicaid identification numbers of clients who received state services before November 2015. Some of the information was posted on social media just days before the Nov. 8 election, the report stated, though state officials quickly discovered the breach and took down the online data.
But, the state announcement on Dec. 27 came 53 days after the personal information posting on social media. HHS Commissioner Jeffrey Meyers said a criminal investigation is underway following the October 2015 incident in which the former patient accessed the personal information files while working at a public computer in the library of the facility.
According to the report, “State officials are convinced that while the personal information wasn’t posted until Nov. 4, this unidentified individual accessed it in October 2015. They believe this hacking was a single incident and did not continue over the intervening 13 months.”
Gov. Maggie Hassan’s spokesman said her administration acted quickly once it belatedly learned of this threat. “This data breach from October 2015 was just recently discovered by the state and is being treated with the utmost seriousness by all relevant state agencies,” said William Hinkle, Hassan’s communications director, per the Union Leader report.
