Over 300K Individuals’ Data Affected by Minnesota Department of Human Services Data Breach

January 25, 2026HIPAA News Today0

The Minnesota Department of Human Services (DHS) sent notification to more or less 304,000 individuals regarding the unauthorized access to their demographic data. Counties, Tribal Nations, and managed care organizations used the data stored in the MnChoices system to help with their evaluation and planning work for state locals needing long-term support and services.

In November, HIPAA-covered third-party vendor, FEI Systems manage the MnChoices system and notified the Minnesota DHS concerning unauthorized access to stored information by a user connected with a licensed healthcare company. Although the user had a valid reason to access the system, he/she accessed some data without authorization. The user lost unauthorized access to the system on September 21, 2025. FEI Systems completely blocked the user’s access to the system on October 30, 2025.

For most affected persons, the breached data included demographic data. However, for 1,206 persons, there were more information accessed, including some health data, and the last four numbers of their Social Security numbers for selected individuals. The forensic investigation already determined the categories of data accessed, but it wasn’t possible to know exactly the breached data for every person. Because of the minimal nature of the compromised data, Minnesota DHS will not provide complimentary credit monitoring services to the affected individuals.

A forensic investigation was started to find out the actual types of data accessed and the people impacted. When notification letters were issued on January 16, 2026, there was no data misuse reported. Minnesota DHS stated that the user cannot access the system any more, and more safety measures were enforced to avoid the same unauthorized access mishaps later on.

The DHS Office of Inspector General received notification about the incident and created data-driven procedures to observe and assess billing data to find out if there occurred incorrect or falsifieduse of the accessed information. In case any bogus use is discovered, a comprehensive investigation will be done, and the issue will be sent to law enforcement. In that respect, the Minnesota DHS has required all people who get a notification letter concerning the incident to properly examine their health care statements and file a report on any suspicious payments or services.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.