A former patient at New Hampshire Hospital, a state psychiatric facility in Concord, used a hospital library computer in October 2015 to access information on up to 15,000 people who received services from the state health department. Hospital security staff found the confidential information posted on social media more than a year later.
State officials said the information — including names, addresses, Medicaid identification numbers and Social Security numbers — was removed within 24 hours of its discovery, according to a New Hampshire Union Leader report. State officials believe the personal information was posted only once, on Nov. 4, 2016.
Information pertained to clients of New Hampshire Department of Health and Human Services who received state services before November 2015, including welfare, Medicaid and child protective services.
State HHS Commissioner Jeffrey Meyers said a criminal investigation is underway. Officials declined comment to the New Hampshire Union Leader on why a criminal arrest has not yet been made.
Although Mr. Meyers said there is no evidence of misuse of the exposed information, he encouraged at-risk individuals — those who received DHHS services prior to November 2015 — to take steps to monitor their credit and bank statements.