Hacking skills weren’t needed to gain access to confidential patient information of 15,000 individuals who had received services from the New Hampshire Department of Health and Human Services. All it required was a public computer.
According to the New Hampshire Union Leader, information like Social Security and Medicaid identification numbers was readily available on computers in the library of the state’s psychiatric hospital. In October 2015, a patient allegedly copied the information, emailed it to his own Gmail account and later posted it to Facebook—all because he was “bored and not happy being in the hospital,” according to a court affidavit.
While hospital staff quickly noticed the unauthorized access and banned the patient from using hospital computers, no report of the breach was made.
“There is no indication that the supervisor ever notified anyone in management of New Hampshire Hospital or anyone in HHS at that time,” said department commissioner Jeffrey Meyers. “What should have happened is the supervisor should have reported up the incident so that it could have been fully investigated at that time.”
For more on the breach and the holes in the department’s cybersecurity, click on the link below:
John joined TriMed in 2016, focusing on healthcare policy and regulation. After graduating from Columbia College Chicago, he worked at FM News Chicago and Rivet News Radio, and worked on the state government and politics beat for the Illinois Radio Network. Outside of work, you may find him adding to his never-ending graphic novel collection.