Data breach compromised records of 300K people at Minnesota human services department
The Minnesota Department of Human Services last week distributed data breach notification letters disclosing that the demographic records of nearly 304,000 people had been compromised last fall.
According to the letter, the breach began in late August, when a user affiliated with a health care provider began accessing state data, without authorization, through a system called MnCHOICES. According to its website, that system supports counties, tribes and managed care organizations servicing state residents who need “long-term services and supports” that “they need to live a good life.”
According to the letter, the state has found “no evidence the information accessed in the system has been misused” and that the notification was provided “out of an abundance of caution.”
Over the course of approximately one month, the user accessed a system that provided income data, educational backgrounds and demographic data of hundreds of thousands of state residents. By the time the breach was detected on Nov. 18, the user had also accessed more detailed information — including names, phone numbers, dates of birth, addresses, Medicaid ID numbers and partial Social Security numbers — of more than 1,200 people.
The state said the user had been authorized to access some MnCHOICES data, but had accessed more “than was reasonably necessary to perform work assignments.”
The breach was reportedly identified by FEI Systems, a government IT firm in Maryland, that manages the system. At the department’s request, the vendor hired a cybersecurity company to conduct an additional forensic investigation.
Department officials said the state Office of Inspector General is monitoring billing information held on file to determine if any of the compromised information has been used to commit fraud. A statement provided by the department reads: “If potential fraud is identified, DHS will fully investigate and when appropriate refer those matters to law enforcement.”
