The Mental Health Center of Greater Manchester

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at The Mental Health Center of Greater Manchester (MHCGM) in New Hampshire involved a data security incident that occurred at a third-party community partner, the Center for Life Management (CLM), which MHCGM had used for data storage. This incident, which took place on February 21, 2022, and was discovered by CLM on February 23, 2022, potentially impacted the privacy of certain information relating to MHCGM patients or those assessed for treatment by MHCGM. The information that may have been accessed included names, addresses, dates of birth, Social Security numbers, diagnoses, medical information, discharge information, and treatment locations and/or healthcare providers. Despite the breach, there was no evidence found that any individual’s specific information was viewed by an unauthorized individual, nor was there evidence that any individual’s data was removed or taken from CLM’s systems[3][5].

Following the discovery of the breach, MHCGM provided notice of the data privacy incident. On April 11, 2022, MHCGM determined it was unable to rule out unauthorized access to its data stored on CLM’s systems. An investigation was initiated to understand the extent of the breach and to take appropriate measures[3].

In a broader context, data breaches at several New Hampshire medical facilities, including MHCGM, were reported, involving potentially 150,000 people. In the specific case of MHCGM, the breach involved the improper storage of data in an unsecured manner. However, MHCGM reported that, as of July following the breach, none of the records involved had been stolen or used illegally[7].

MHCGM has taken steps to address the breach, including notifying the patients involved and providing a toll-free assistance line for those affected. The organization has also been transparent about the incident, emphasizing that they have nothing to hide and acknowledging the challenges in keeping data secure[7].

Citations:

  1. https://www.doj.nh.gov/consumer/security-breaches/documents/mental-health-center-greater-manchester-20220428.pdf
  2. https://www.boston.com/news/local-news/2023/08/25/former-residents-new-hampshire-youth-center-demand-federal-investigation-abuse-claims/
  3. https://www.prnewswire.com/news-releases/the-mental-health-center-of-greater-manchester-provides-notice-of-data-privacy-incident-301531088.html
  4. https://www.ctpost.com/news/article/uyi-osunde-stratford-superintendent-uconn-windsor-18561173.php
  5. https://www.databreaches.net/nh-center-for-life-management-breach-impacted-mental-health-clients/
  6. https://www.nhpr.org/health/2023-06-21/another-consequence-of-the-harvard-pilgrim-cyberattack-late-payments-are-straining-some-nh-health-providers
  7. https://indepthnh.org/2022/09/09/data-for-150000-people-potentially-exposed-in-medical-facility-leaks-in-n-h/
  8. https://www.ctpublic.org/news/2023-08-04/a-cyberattack-has-disrupted-hospitals-and-health-care-in-five-states-including-connecticut
  9. https://www.mhcgm.org
  10. https://www.ctinsider.com/journalinquirer/article/ct-hospital-cyberattack-fbi-echn-waterbury-health-18278981.php
  11. https://www.wmur.com/article/new-hampshire-psychiatric-patients-emergency-rooms/43105873
  12. https://www.unionleader.com/news/courts/judge-gives-state-12-months-to-end-er-boarding-of-psych-patients/article_1d1b07cd-81d8-5f5e-945c-ed70aef0944d.html
  13. https://www.doj.nh.gov/consumer/security-breaches/m.htm
  14. https://www.nashuatelegraph.com/news/local-news/2023/03/23/new-120-bed-mental-health-hospital-approved-quinn-reconfirmed-safety-commissioner/
  15. https://www.justice.gov/opa/pr/justice-department-intervenes-lawsuit-involving-new-hampshire-s-mental-health-system
Breach Submission Date Apr 22, 2022
Converted Entity Name The Mental Health Center of Greater Manchester
Converted Entity Type Healthcare Provider
State NH
Individuals Affected 1,322
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes