The Mental Health Center of Greater Manchester
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at The Mental Health Center of Greater Manchester (MHCGM) in New Hampshire involved a data security incident that occurred at a third-party community partner, the Center for Life Management (CLM), which MHCGM had used for data storage. This incident, which took place on February 21, 2022, and was discovered by CLM on February 23, 2022, potentially impacted the privacy of certain information relating to MHCGM patients or those assessed for treatment by MHCGM. The information that may have been accessed included names, addresses, dates of birth, Social Security numbers, diagnoses, medical information, discharge information, and treatment locations and/or healthcare providers. Despite the breach, there was no evidence found that any individual’s specific information was viewed by an unauthorized individual, nor was there evidence that any individual’s data was removed or taken from CLM’s systems[3][5].
Following the discovery of the breach, MHCGM provided notice of the data privacy incident. On April 11, 2022, MHCGM determined it was unable to rule out unauthorized access to its data stored on CLM’s systems. An investigation was initiated to understand the extent of the breach and to take appropriate measures[3].
In a broader context, data breaches at several New Hampshire medical facilities, including MHCGM, were reported, involving potentially 150,000 people. In the specific case of MHCGM, the breach involved the improper storage of data in an unsecured manner. However, MHCGM reported that, as of July following the breach, none of the records involved had been stolen or used illegally[7].
MHCGM has taken steps to address the breach, including notifying the patients involved and providing a toll-free assistance line for those affected. The organization has also been transparent about the incident, emphasizing that they have nothing to hide and acknowledging the challenges in keeping data secure[7].
Citations:
- https://www.doj.nh.gov/consumer/security-breaches/documents/mental-health-center-greater-manchester-20220428.pdf
- https://www.boston.com/news/local-news/2023/08/25/former-residents-new-hampshire-youth-center-demand-federal-investigation-abuse-claims/
- https://www.prnewswire.com/news-releases/the-mental-health-center-of-greater-manchester-provides-notice-of-data-privacy-incident-301531088.html
- https://www.ctpost.com/news/article/uyi-osunde-stratford-superintendent-uconn-windsor-18561173.php
- https://www.databreaches.net/nh-center-for-life-management-breach-impacted-mental-health-clients/
- https://www.nhpr.org/health/2023-06-21/another-consequence-of-the-harvard-pilgrim-cyberattack-late-payments-are-straining-some-nh-health-providers
- https://indepthnh.org/2022/09/09/data-for-150000-people-potentially-exposed-in-medical-facility-leaks-in-n-h/
- https://www.ctpublic.org/news/2023-08-04/a-cyberattack-has-disrupted-hospitals-and-health-care-in-five-states-including-connecticut
- https://www.mhcgm.org
- https://www.ctinsider.com/journalinquirer/article/ct-hospital-cyberattack-fbi-echn-waterbury-health-18278981.php
- https://www.wmur.com/article/new-hampshire-psychiatric-patients-emergency-rooms/43105873
- https://www.unionleader.com/news/courts/judge-gives-state-12-months-to-end-er-boarding-of-psych-patients/article_1d1b07cd-81d8-5f5e-945c-ed70aef0944d.html
- https://www.doj.nh.gov/consumer/security-breaches/m.htm
- https://www.nashuatelegraph.com/news/local-news/2023/03/23/new-120-bed-mental-health-hospital-approved-quinn-reconfirmed-safety-commissioner/
- https://www.justice.gov/opa/pr/justice-department-intervenes-lawsuit-involving-new-hampshire-s-mental-health-system