A former patient at New Hampshire Hospital, a state psychiatric facility in Concord, used a hospital library computer in October 2015 to access information on up to 15,000 people who received services from the state health department.
What happened? A patient accessed patient data in October 2015 via a personal computer in the hospital library.
A security officer at the New Hampshire Hospital told the state that the individual may have already done so, but no evidence of a breach was found during the subsequent investigation.
Information included names, birth dates, possible Social Security numbers and even medical records. There’s no evidence related to misused of the private information or that credit card or banking informations was accessed. In the course of investigation, we learned that this individual was observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library. DHHS will send a written notification through the USA mail to all individuals who were affected, for whom they have a valid mailing address. The department is notifying those who may have been affected and is recommending that anyone who received services from DHHS before November 2015 take steps to monitor their credit and bank statements.
DHHS is making available a toll-free telephone number that affected individuals may call with questions about this incident.
DHHS spokesman Jake Leon said the breached files did not include confidential patient records from New Hampshire Hospital. They informed DHHS, who in turn reported it to the Department of Information Technology (DIT). State officials and law enforcement were immediately informed, and the personal information was removed.
“This is a very serious situation, and HHS along with our Department of Information Technology, state police, the Attorney General’s Office and our homeland security agencies are all working together as the investigation continues”, Hassan said.
DHHS is following all federal and state requirements regarding a breach of protected health information and personal information.
The New Hampshire breach comes as health care information has become more valuable to hackers: Health care-record hacking rose 11,000 percent past year alone, affecting roughly one in three Americans, NBC News reported.