New Hampshire
Table of Contents
- Identity Theft Statistics
- Top Ten Report Categories
- Top Identity Theft Types
- Fraud & Other Reports by Metropolitan Area
- New Hampshire’s Recent Biggest Data Breaches
- What Should You Do if You Are in a Breach?
- Step-by-Step Process for Responding to a Data Breach
- Responsibilities of Companies that Have Been Breached
- Laws
- Resources
Data breaches happen when unauthorized persons access confidential information in computer systems in unsecured environments. New Hampshire has been experiencing a growing number of health data breaches over the past five years. Between 2020 and 2023, a data breach in New Hampshire-based healthcare clearinghouse Inmediata exposed the personal information of 1.5 million consumers. It divulged protected patient data to strangers conducting online searches from any location in the US. The US healthcare sector has witnessed a 256% increase in hacking-related data breaches over the past five years. The average cost of these data breaches increased from $10.1 million in 2022 to $10.9 million in 2023. Most large-scale healthcare-related data breaches target confidential patient information and use it for financial fraud or identity theft.
Identity Theft Statistics
Reports
Reports
Losses
Top Ten Report Categories
Top Identity Theft Types
New Hampshire's Recent Biggest Data Breaches
Hinsdale School District Cyber Attack
The Hinsdale School District experienced a cyber attack that adversely affected its computing network in December 2023. Hackers targeted the school's laptops and computers with a ransomware attack on December 11. That affected the learning operations of the Hinsdale School District's 532 students. Upon discovering the attack, school district officials engaged a specialized cybersecurity response group to recover its affected systems. The team succeeded in restoring the district's office administrative and instructional functions. School district officials have since implemented stronger security measures to prevent the possibility of similar attacks in the future.
Point32Health Data Breach
Point32Health, Massachusetts' second-largest insurer, suffered a cyber attack in March 2023. The institution, which has more than 2.5 million clients, experienced a ransomware attack when one of its components was targeted by hackers. The Harvard Pilgrim Health Care was infiltrated on March 28, 2023. The hackers retained control of the system until forensic investigators detected the intrusion. They blocked it on April 2023. The data breach enabled the hackers to access Point32Health's clients' Social Security numbers, physical addresses, taxpayer ID numbers, health insurance account information, and birth dates. The institution has since been subjected to multiple class action lawsuits. Its executives notified law enforcement officials and clients of the data breach and engaged third-party experts to investigate. Point32Health has offered affected clients identity theft protection and credit monitoring services at no cost for 24 months. The institution has also implemented better security measures to prevent similar attacks in the future.
Dartmouth Health Cheshire Medical Center Data Breach
The Dartmouth Health Cheshire Medical Center experienced a cyber attack from the KillNet hacktivist group in 2023. KillNet uses hacking techniques to advertise political ideologies and agendas. KillNet promotes Russian geopolitical ideologies and directs DDoS attacks to government institutions indirectly or directly promoting Ukraine's war efforts. The DDoS attack slowed down the functioning of Dartmouth Health Cheshire Medical Center's information portals and websites. The cyber attack also delayed connection requests and caused a service outage that lasted a few hours. The Dartmouth Health Cheshire Medical Center has since engaged security experts to strengthen its security system and prevent similar attacks in the future.
NuLife Med Data Breach
NuLife Med, a New Hampshire-based medical device manufacturer, experienced a cyber attack in 2022. Between March 9 and 11, unauthorized parties accessed the institution's computer system and viewed personal information belonging to NuLife Med's clients. The institution's personnel revealed that the data breach exposed the driver's license information, Social Security numbers, and health insurance information of 81,244 clients. Its executives emphasized they took immediate steps to deal with the security breach. NuLife Med's personnel also disclosed that subsequent investigations into the incident showed no evidence of fraud resulting from the hacking incident. The institution has since strengthened its security and computer systems to prevent similar incidents in the future.
Peterborough Town Computer Hack
In 2021, Peterborough Town in New Hampshire was hacked and robbed of $2.3 million. The hackers posed as officials affiliated with Beck & Belluci contractors and the ConVal School District. They approached Peterborough Town municipal officials seeking vendor payments for services provided by Beck & Belluci contractors and the ConVal School District. The unsuspecting town workers sent invoices to the hackers' accounts. Once they discovered their mistake, the town officials engaged the Public Risk Management Exchange (PRIMEX). The town was awarded $125,000 coverage, and the US Secret Service assisted with the recovery of more than $603,000, which was sent to Beck & Bellucci. Peterborough has since been able to pay all balance due to Beck & Bellucci and ConVal.
What Should You Do if You Are in a Breach?
Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.
Unfamiliar
Credit Card Charges
If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.
Calls from
Debt Collectors
Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.
New Credit Cards
or Loans in Your Name
A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.
Surprise Credit
Score Drops
Sudden credit drops with no obvious cause are a sign of suspicious activities.
Unusual Activity on Your
Social Security Account
The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.
Inability to
Sign-in to Accounts
If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.
Step-by-Step Process for Responding to a Data Breach
Contact Local Law Enforcement
As an individual or a business, report the incident to the police and file a police report.
Assess and Secure Compromised Areas
Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.
Contain the Breach
Isolate the affected system to prevent further damage.
Create New, Strong Passwords for All Accounts
This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.
Notify Affected Institutions
Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.
Update Security on Digital Accounts
Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.
Check for Malware
Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.
Freeze Your Credit
In cases of identity theft, contact all credit bureaus to freeze your credit.
Monitor Your Mail and Credit Reports
Keep an eye out for any unauthorized changes in your mail.
Engage Legal Assistance When Applicable
If you are a business, consider hiring a law firm experienced in handling data breaches.
Responsibilities of Companies that Have Been Breached
N.H. Rev. Stat. §§ 359-C:19 explains the actions business organizations or owners should take when data breaches compromise personal information. This Statute applies to any organization, partnership, entrepreneur, limited liability company, or unincorporated association that operates in New Hampshire and licenses computerized data. The type of personal information that is legally protected in New Hampshire includes financial account codes, passwords, and numbers, Social Security numbers, debit and credit card numbers, and government identification documents like driver's license numbers. Under this Statute, business entities must notify clients of data breaches whenever unauthorized persons access their personal data. Additionally, business entities must inform the New Hampshire attorney general's office when such data breaches occur. Business organizations may delay informing their clients about data breaches that affect their personal information if this action will jeopardize ongoing criminal investigations. Entities should inform affected persons about data breaches using established communication methods including email notice, telephone, or written notice. State laws allow entities to issue substitute notices when more than 1,000 persons are affected by the data breach or the cost of notification surpasses $5,000. N.H. Rev. Stat. §§ 359-C:19 stipulates that data breach notices must include the business organization's phone number and the kind of personal data that has been exposed. The notice should also explain how it happened. All notices informing consumer reporting agencies about data breaches should include the date when notifications were sent and the number of customers that received them.
Laws
- N.H. Rev. Stat. §§ 359-C:19, passed in 2007 in New Hampshire, is a privacy law that discusses data breach notification policies within the State. It stipulates the regulations business owners and organizations in New Hampshire must follow when they experience cyber-attacks that cause data breaches. This Statute empowers New Hampshire's attorney general to penalize business entities that do not adhere to regulations pertaining to data breaches within the State.
- The New Hampshire Consumer Protection Act provides New Hampshire residents with rights related to their personal data. Under this Law, business entities have a duty to protect the accessibility, integrity, and confidentiality of personal data like health information, financial account numbers, codes, passwords, and Social Security numbers.
Resources
- Breach Notification
- Hinsdale Schools, N.H., Investigating Ransomware Attack
- New Hampshire Cyber Threat Assessment
- New Hampshire Department of Justice: Consumer Sourcebook
- New Hampshire Town scammed out of $2.3 Million by Cyber Criminals.
- NH Medical Device Company faces Data Security Incident, 81K Impacted
- Ransomware Attack Triggers Multiple Lawsuits against Harvard Pilgrim Healthcare & Point32Health