Employee snooping at Littleton Regional hospital went undetected
When the Littleton Regional Hospital received a complaint from a patient on March 25, they initiated an investigative audit that revealed that the patientâ€™s information had been improperly accessed by a former employee on three separate occasions going back to October 2008. The breach was then promptly reported (pdf) to the patient on March 27 and then to theÂ to the New Hampshire Attorney Generalâ€™s Office on April 13.
This is one of those small breaches that do not involve financial information but could be very distressing to the victim. So the question becomes: if Littletonâ€™s security and privacy protections were inadequate to prevent such snooping, what are they going to do differently going forward? There was no indication in the notification.