New Hampshire psychiatric patient accused of data breach

CONCORD, N.H. (AP) — A former patient at New Hampshire’s state psychiatric hospital posted confidential information about thousands of people on a social media website, health officials said Tuesday.

Department of Health and Human Services Commissioner Jeffrey Meyers said a patient using a computer in the New Hampshire Hospital library in October 2015 accessed information on as many as 15,000 people who had received department services. At the time, a hospital staffer noticed the patient had found nonconfidential department information and alerted a supervisor, but the incident was not reported to hospital management or the state.

In August, a security officer at the hospital informed the state that the individual may have posted some information online but an investigation at that time did not reveal any evidence that confidential information had been breached. On Nov. 4, however, hospital security notified authorities that the patient had posted the confidential information online.

Advertisement

The information, which included names, addresses and Social Security numbers, was removed within 24 hours, and a criminal investigation was launched. There’s no evidence the private information was misused or that credit card or banking information was accessed. The department is notifying those who may have been affected and is recommending that anyone who received services from DHHS before November 2015 take steps to monitor their credit and bank statements.

“We sincerely apologize and regret that this situation has occurred,” Meyers said in the letters notifying clients. “Please be assured that DHHS takes the matter of privacy and security in the handling of confidential information very seriously.”

Meyers wrote that officials are investigating what happened and trying “to mitigate any effects.” He also said officials were reviewing computer systems, policies and procedures.

DHHS spokesman Jake Leon said the breached files did not include confidential patient records from New Hampshire Hospital. The records were for DHHS clients who received services from any of the bureaus or divisions of the state’s largest agency, which oversees welfare benefits, Medicaid, child protective services and many other programs.

The exposed files did not include every piece of personal information for every individual but rather a combination of name, address, Social Security number or Medicaid identification number, he said.

Advertisement

New Hampshire Republican Party Chairwoman Jennifer Horn quickly accused Democratic Gov. Maggie Hassan of withholding information about the breach until after Election Day, when Hassan defeated Republican U.S. Sen. Kelly Ayotte.

Hassan’s spokesman, William Hinkle, said the Republican Party was being “typically absurd” in trying to inject politics into the situation. He said the investigation was a significant undertaking and the release of information “has been made in accordance with legal procedure and to ensure a proper and full investigation.”