Skip to main content

Patient Information On Social Media Shows Need For Better Security

By January 17, 2017May 24th, 2021Cybersecurity

patientA very strange and disturbing case of the theft of protected health information has come from the New Hampshire Department of Health and Human Services (DHHS). The department recently reported on an incident that occurred in October 2015, in which a former psychiatric patient was able to access non-confidential information from a computer located in the hospital’s library.

The fact that a psychiatric patient (current or former) was able to access the information at all is disturbing enough, but there’s more to the story. This incident was observed by a member of the staff, who notified his supervisor who, to his credit, took steps to restrict the access of the library’s computer to put such information off-limits.

Unfortunately, while steps were taken, the incident was not reported to upper management in either the New Hampshire Hospital or DHHS. Not long thereafter, that same former patient posted non-confidential information on social media, which was when the hospital became aware that he had not only accessed, but also copied the information.

At this point, law enforcement and DHHS officials got involved and an investigation launched.

Unfortunately, the deeper they dug, the worse it got.

As it turns out, the former patient had also been able to access protected health information, which also wound up on social media. In all, nearly fifteen thousand DHHS clients had their personal information exposed, including names, addresses and social security numbers.

The information was removed just hours after it was discovered, but there’s no way to tell if anyone made copies during the brief window of time it was widely visible.

The criminal investigation into the matter is ongoing, and the hospital’s IT department has identified and eliminated the flaw that allowed the breach in the first place. However, this incident underscores just how easy it is to miss one small detail and open the door to a breach which could have serious consequences.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.