Was New Hampshire Hospital Data Breach Kept Quiet To Help Hassan?

Print More


Click for statement by Health and Human Services Commissioner Jeffrey Meyers: State Psychiatric Hospital Patient Breached 15,000 DHHS Client Records

GOP Chairman Jennifer Horn accused Governor Maggie Hassan’s administration of withholding information about the New Hampshire Hospital data breach that was made public on Tuesday until after the election to help her U.S. Senate campaign, but Hassan’s spokesman said that is absolutely not true.

“The decision to withhold information about this breach was obviously political in nature and poorly served patients of the New Hampshire Hospital. In an extremely close U.S. Senate race, this misconduct from the Hassan Administration made the difference and will indelibly taint Hassan’s slim victory and her term in Washington,” Horn said. Hassan defeated Sen. Kelly Ayotte in November.

Hassan spokesman William Hinkle said the data breach from October 2015 was just recently discovered by the state and is being treated with the utmost seriousness by state agencies.

“The New Hampshire Republican Party is being typically absurd, and it is wrong to project politics into this serious situation,” Hinkle said.

As soon as the data breach was discovered, HHS immediately began working in coordination with the Attorney General’s office and the State Police to launch an investigation, including to identify what information had been taken and what individuals were potentially impacted, Hinkle said in an email.

“This was a significant undertaking and the release of information has been made in accordance with legal procedure and to ensure a proper and full investigation,” Hinkle said.

On November 4, 2016, DHHS was informed by New Hampshire Hospital security that someone who had accessed the data while a patient at the hospital had posted confidential, personal information to a social media site. State officials and law enforcement were immediately informed, and the personal information was removed.

Health and Human Services Commissioner Jeffrey Meyers said earlier Tuesday that as a result of the investigation to date, DHHS has determined that the breached files contain protected health information and personal information for as many as 15,000 DHHS clients who received services from DHHS prior to November 2015. All available information indicates that this was an isolated incident stemming from unauthorized access in October 2015.

Hinkle said the incident highlights the importance of continuing to strengthen the state’s cyber security efforts to protect personal data from both hackers and human error.

“We have taken a number of steps in the past several years, including creating a Cybersecurity Integration Center and training all state employees on cyber security. The Department of Health and Human Services and Information Technology, in coordination with the Attorney General and State Police, are investigating this incident and taking required steps to notify all those that may have been impacted,” Hinkle said.