Skip to content Skip to navigation

Breach of HHS Data from 2015 Becomes Public

December 28, 2016
by Rajiv Leventhal
| Reprints

A former patient at Concord-based New Hampshire Hospital, a state psychiatric facility, accessed personal files of up to 15,000 Department of Health and Human Services (HHS) clients while working at a public computer in the organization’s library in 2015.

According to a New Hampshire Union Leader report, the breached data included names, addresses, social security numbers and Medicaid identification numbers of clients who received state services before November 2015. Some of the information was posted on social media just days before the Nov. 8 election, the report stated, though state officials quickly discovered the breach and took down the online data.

But, the state announcement on Dec. 27 came 53 days after the personal information posting on social media. HHS Commissioner Jeffrey Meyers said a criminal investigation is underway following the October 2015 incident in which the former patient accessed the personal information files while working at a public computer in the library of the facility.

According to the report, “State officials are convinced that while the personal information wasn’t posted until Nov. 4, this unidentified individual accessed it in October 2015. They believe this hacking was a single incident and did not continue over the intervening 13 months.”

Gov. Maggie Hassan’s spokesman said her administration acted quickly once it belatedly learned of this threat. “This data breach from October 2015 was just recently discovered by the state and is being treated with the utmost seriousness by all relevant state agencies,” said William Hinkle, Hassan’s communications director, per the Union Leader report.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

New York Presbyterian Brooklyn Methodist Revalidated as EMRAM Stage 7

Due to its use of RFID technology to improve patient care and outcomes, New York Presbyterian Brooklyn Methodist Hospital (NYPBMH) has received acute care Stage 7 revalidation on the HIMSS Analytics Electronic Medical Record Adoption Model (EMRAM).

Dana Alexander Named 2016 HIMSS Nursing Informatics Leadership Award Winner

Dana Alexander, R.N., has been named the recipient of the 2016 HIMSS-ANI Nursing Informatics Leadership Award, a joint award sponsored by Alliance for Nursing Informatics (ANI) and HIMSS.

Agency Leadership Update: Collins Stays at NIH, Bindman Leaves AHRQ

As President-elect Donald Trump is sworn in as the United States’ 45th president at noon today, there has been an ongoing administration shuffle as agency leaders have stepped down as part of the presidential transition.

Reports: Indiana Cancer Services Agency Hacked, Won’t Pay Ransom

Earlier this month, Cancer Services of East Central Indiana- Little Red Door’s terminal server and backup drive were hacked by cybercriminal TheDarkOverlord, leading to a ransom demand that the cancer services facility will not pay, according to media reports.

Insurer to Pay $2.2M HIPAA Settlement for Disclosure of Unsecured ePHI

MAPFRE Life Insurance Company of Puerto Rico has agreed to settle potential noncompliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by paying $2.2 million.

Avoidable Hospitalizations among LTC Residents Drops by 31 Percent

A data brief from the Centers for Medicare & Medicaid Services (CMS) has revealed that avoidable hospitalizations among long-term care facility residents has dropped by about 31 percent since 2010.