Health officials in New Hampshire revealed on Tuesday, Dec. 27, that a former psychiatric patient at a state hospital posted thousands of pieces of private information on a social media website.
Jeffrey Meyers, commissioner of the state's Department of Health and Human Services (DHHS), said the patient used a computer in the New Hampshire Hospital's library in October 2015 to illegally access the personal data of 15,000 individuals who had received services from the department.
During that time, one of the hospital staff noticed that the culprit discovered nonconfidential information on the department and informed a supervisor about it. However, the incident was never reported to the hospital's management or to the state.
Confidential Information Breach
As early as August 2016 there had been indications that the psychiatric patient may have posted some of the illegally retrieved information online.
A security officer at the New Hampshire Hospital told the state that the individual may have already done so, but no evidence of a breach was found during the subsequent investigation.
The posting, however, was later confirmed after hospital security found that the patient had indeed added the breached confidential information online. They informed authorities about it in November.
Officials said the personal data included the names, addresses, and Social Security numbers of people who had received services from the DHHS. Authorities removed all of the confidential information online within 24 hours and launched a criminal investigation immediately.
There is no evidence that the private data was misused or that any of the banking or credit card information was accessed.
The DHHS is already contacting individuals who may have been affected by the data breach. It also advises that any person who received services from the department before November 2015 to review their bank and credit statements and monitor their credit for any suspicious activity.
Reviewing Computer Systems And Data Policies
Meyers offered an apology to individuals possibly affected by the data breach. He also assured that the DHHS takes the privacy and security of its clients' confidential information seriously.
The DHHS informed clients that steps are being undertaken to find out what happened exactly and to mitigate any of its potential effects. Officials have also begun reviewing the department's computer systems, procedures and policies.
Jake Leon, a spokesman for the DHHS, clarified that the breached confidential information involved records of clients who received services from the department. It does not include private data of patients at the New Hampshire Hospital.
He said the leaked data included a combination of names, addresses, Social Security numbers or Medicaid ID numbers.