Skip to content Skip to navigation

Breach of HHS Data from 2015 Becomes Public

December 28, 2016
by Rajiv Leventhal
| Reprints

A former patient at Concord-based New Hampshire Hospital, a state psychiatric facility, accessed personal files of up to 15,000 Department of Health and Human Services (HHS) clients while working at a public computer in the organization’s library in 2015.

According to a New Hampshire Union Leader report, the breached data included names, addresses, social security numbers and Medicaid identification numbers of clients who received state services before November 2015. Some of the information was posted on social media just days before the Nov. 8 election, the report stated, though state officials quickly discovered the breach and took down the online data.

But, the state announcement on Dec. 27 came 53 days after the personal information posting on social media. HHS Commissioner Jeffrey Meyers said a criminal investigation is underway following the October 2015 incident in which the former patient accessed the personal information files while working at a public computer in the library of the facility.

According to the report, “State officials are convinced that while the personal information wasn’t posted until Nov. 4, this unidentified individual accessed it in October 2015. They believe this hacking was a single incident and did not continue over the intervening 13 months.”

Gov. Maggie Hassan’s spokesman said her administration acted quickly once it belatedly learned of this threat. “This data breach from October 2015 was just recently discovered by the state and is being treated with the utmost seriousness by all relevant state agencies,” said William Hinkle, Hassan’s communications director, per the Union Leader report.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

IBM Security: Healthcare Cyber Attacks Prevalent, but Less Records Breached in ’16

A new report from IBM Security found that healthcare—not too long ago the most attacked industry by cyber criminals—fell out of the top five of most breached industries.

FBI Notification: Cyber Criminals Targeting FTP Servers to Compromise PHI

The Federal Bureau of Investigation issued a warning that cyber criminals are actively targeting File Transfer Protocol (FTP) servers operating in “anonymous” mode and associated with medical and dental facilities to access protected health information (PHI).

Texas HIE Approved as CMS Qualified Registry

Healthcare Access San Antonio (HASA), a health information exchange (HIE) organization in San Antonio and surrounding Texas counties, has received clearance from the Centers for Medicare & Medicaid Services (CMS) to become a qualified registry.

Media Report: Evolent Health Exploring Merger with Advisory Board

Evolent Health, an Arlington, Va.-based healthcare technology provider, is exploring a potential combination with The Advisory Board, a Washington, D.C.-based healthcare consulting firm, according to a report from Reuters published on Friday.

Urology Austin Falls Victim to Ransomware Attack, Alerts 200K Patients

The Texas-based Urology Austin has acknowledged that it fell victim to a ransomware attack in January, and has since notified some 200,000 patients that their information might have been breached.

University of Maryland Medical System Earns HIMSS Stage 6 Recognition

The University of Maryland Medical System (UMMS), based in Baltimore, has achieved Stage 6 on HIMSS Analytics’ Electronic Medical Record Adoption Model (EMRAM) for the ambulatory environment.