By CS Staff · December 29, 2016
New Hampshire health officials announced that a former psychiatric patient at a state hospital published the private health information of 15,000 people online in October of 2015.
The former New Hampshire Hospital patient allegedly used the institution’s library computer to access the personal data and post it to a social media website, says state Department of Health and Human Services Commissioner Jeffrey Meyers.
Making matters worse, a staff member at the hospital allegedly noticed the patient’s illegal online activity and told a supervisor about it, but it was never reported to hospital management or the state, according to techtimes.com.
Almost a year after that incident, in August of 2016, a hospital security officer informed hospital officials that the patient may have posted private information online, but an ensuing investigation found no evidence of a data breach.
Three months later, hospital security officials confirmed that the confidential data had indeed been posted online. Within 24 hours of the discovery, authorities had removed the information and opened a criminal investigation.
The people affected by the incident had all received services from the DHHS and weren’t necessarily patients at New Hampshire Hospital. The information publicized included names, addresses and social security numbers. Authorities have so far found no evidence that the information was misused.
Now hospital officials are reviewing their computer system policies and procedures to prevent a similar incident from occurring again.