Greater Nashua Mental Health

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Greater Nashua Mental Health (GNMH), a nonprofit entity operating as a New Hampshire Community Mental Health Center, experienced a data security incident that was discovered on February 23, 2022. The breach potentially impacted data belonging to current and former participants of the center. The investigation, aided by cybersecurity experts, determined that the incident occurred around February 21, 2022. The compromised information could include addresses, dates of birth, social security numbers, diagnosis codes, medication names, court liaison discharge notes, and healthcare provider organizational names. However, the investigation did not find any evidence of personal information being posted on the internet or any actual misuse of the data. In response, GNMH has taken steps to prevent future incidents, notified potentially impacted individuals, and provided resources to assist them, including establishing a toll-free call center for inquiries related to the incident[1].

The breach at GNMH was part of a larger series of data breaches affecting several New Hampshire medical facilities, potentially exposing the data of 150,000 people. Specifically, the records of 1,085 people involved in court-ordered diversion programs at GNMH were compromised, including sensitive information such as social security numbers and medical details. Despite the breach, there has been no reported misuse of the exposed data so far[2].

For those concerned about their information being involved in the incident, GNMH has provided steps to protect personal information, including contacting financial institutions if suspicious activity is detected and considering placing a fraud alert or security freeze on credit files. The organization has also provided contact information for the three national credit reporting agencies for further assistance[1].

This incident underscores the importance of robust cybersecurity measures and the potential risks to personal information in the digital age, even within trusted healthcare institutions.

Citations:

  1. https://gnmhc.org/greater-nashua-mental-health-notice-of-data-security-incident/
  2. https://indepthnh.org/2022/09/09/data-for-150000-people-potentially-exposed-in-medical-facility-leaks-in-n-h/
  3. https://www.doj.nh.gov/consumer/security-breaches/documents/community-council-nashua-dba-greater-nashua-mental-health-20220505.pdf
  4. https://www.nashuatelegraph.com/news/local-news/2022/09/10/data-for-150000-people-potentially-exposed-in-medical-facility-leaks-in-nh/
  5. https://gnmhc.org/privacy-policy/
  6. https://www.beckersbehavioralhealth.com/behavioral-health-technology/4-recent-hacks-and-data-breaches-at-mental-health-clinics.html
  7. https://www.oplc.nh.gov/sites/g/files/ehbemt441/files/inline-documents/sonh/lassins-p-sa-20120724.pdf
  8. https://apps.web.maine.gov/online/aeviewer/ME/40/e269484a-f7d5-430c-ac92-5acd585642fa.shtml
  9. https://oig.hhs.gov/fraud/enforcement/settlement-with-greater-nashua-mental-health-center-for-medicaid-billing-practices/
Breach Submission Date May 04, 2022
Converted Entity Name Greater Nashua Mental Health
Converted Entity Type Healthcare Provider
State NH
Individuals Affected 1,085
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes