The posting of a Minnesota woman’s abortion records on Facebook without her consent has touched off a criminal investigation by state authorities while revealing the fragility of medical privacy in the social media era.

One of the Facebook posts, which apparently took place last fall, called the woman a “baby killer” and contained her picture. It also included a picture of her sonogram from a Planned Parenthood clinic and an admission form indicating how long the woman had been pregnant and the recommended methods of abortion for her to consider.

A cyber crimes investigator with the Minnesota Bureau of Criminal Apprehension (BCA) obtained a search warrant last fall and traveled to Facebook’s California headquarters to retrieve data and information for three profile pages on which the abortion records were posted. The search warrant information had been sealed until recently so that the perpetrators weren’t tipped off to the investigation.

One of the Facebook pages, which has nearly 3,000 friends and posts, was “used to harass, oppress, persecute and intimidate” the woman, investigator Joseph Murphy wrote in his search warrant application.

A spokesman for the BCA declined to comment on the case, other than to say it was ongoing and that no suspects are in custody and no charges have been filed.

The woman was identified only by her initials in the search warrant documents.

The incident is an unusual, but not unique, example of the way that social media has grown in influence as Americans debate thorny political issues such as abortion. A #shoutyourabortion movement and website have emerged in the last three years, part of an effort to destigmatize women who terminated their pregnancies, while opponents have similarly used online platforms to dissuade women from choosing abortion and promote the rights of fetuses.

Advocates, however, said it’s important to distinguish fervent communication or protests from online harassment of a type that has sometimes inflamed the abortion debate. Last month, for instance, a Rhode Island man was charged after sending dozens of e-mails threatening that he would kill and cannibalize a college professor due to her support for abortion rights.

The warrant in the Minnesota case, issued in Hennepin County District Court, indicates that the potential crime for posting the abortion records is stalking. While normally a misdemeanor offense, stalking can be elevated to a felony in some circumstances.

How the perpetrators obtained the woman’s medical records isn’t clear from the warrant, but the admission form uploaded to Facebook was a photograph rather than an original copy. One of the people posting the information referred to the woman by a family nickname, according to search warrant documents, which suggests the two were at least acquainted.

“We are deeply troubled by this report,” Jennifer Aulwes, a spokeswoman for Planned Parenthood’s Minnesota chapter, said in an e-mail. “It is completely inappropriate for private medical records to be made public in this way. We stand ready to work with law enforcement and our patients to help bring those responsible to justice.”

FBI notified

The state investigation started after the woman discovered the posting of her medical records and reported it to the FBI’s Minneapolis office on Oct. 5. In addition to a form from Planned Parenthood regarding her abortion, the post contained a document showing the woman’s birth control prescriptions.

The state investigator received the search warrant on Oct. 15 and traveled to Palo Alto, Calif., to obtain information from Facebook’s headquarters regarding the three profile pages on which the woman’s abortion records appeared. The warrant included a gag order of no more than 90 days to prevent Facebook from following its typical policy of notifying users before disclosing their information to investigators.

Facebook’s press office did not reply to requests for comments on the case.

The lack of a Minnesota criminal statute specific to cybercrimes makes it difficult to determine if such cases are on the rise locally, said Chuck Laszewski, a spokesman for the Hennepin County Attorney’s Office. However, a law passed in 2016 specifically covers the dissemination of private sexual images. The county attorney has handled 20 such cases involving adults and 14 involving juveniles, he said.

But across the country, cyberstalking has plainly become commonplace.

A North Carolina woman recently argued that she was victimized when a video posted to a crime blog led authorities to believe she had stolen liquor.

A Colorado man was jailed after making social media threats of a mass shooting in retaliation for years of romantic rejections.

And a New Jersey man was indicted on a charge of using fake Facebook profiles to lure teenagers to send him explicit images, and later threatening to broadly post those images.

U.S. Attorney Erica MacDonald, the top federal prosecutor in Minnesota, held a community forum in Bloomington earlier this month on such cases of “sextortion,” in which people threaten to post suggestive images of victims. She reported a 40% increase in such cases in the past year.

She said almost all of her investigations now involve online crimes, or scrutinizing culprits’ online profiles for evidence, and that adults and children need to take better care of their personal information.

Social media “leads to nefarious acts that weren’t possible before,” MacDonald said.

The use of abortion records for cyberstalking appears to be rare, but is not unprecedented. In 2018 a Texas man was sentenced to five years in federal prison for his actions in an abusive relationship, including creating a Facebook page to represent the fetus that had been aborted by the woman he allegedly raped.

Electronic medical records are typically protected by clinics and hospitals via passwords and encryptions. Aulwes said Planned Parenthood’s protections go beyond federal standards. The organization also requires multiple forms of ID from patients to ensure authenticity before discussing or disclosing records.

Those protections don’t extend to records that patients take or print at home, though. The Federal Trade Commission reported that such personal records are often the sources of medical identity theft, and recommends that people safely store records and prescription labels at home and then shred them when they are no longer needed.