IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Cybersecurity

Minnesota DHS Reports Access-Related Data Breach

Minnesota’s case is one of several breaches of late involving legitimate access, a recurring issue in provider-heavy government health and human services systems.

January 23, 2026 • 
News Staff
A blue-colored image of a stethoscope on a table overlaid with a graph and a hexagon pattern.
Shutterstock
A single user inappropriately accessed private data within the Minnesota Department of Human Services (DHS) ecosystem, potentially impacting 303,965 individuals, officials report.

Unlike ransomware attacks or system hacks, the Minnesota incident did not involve an outside cyber attack or service disruption. Instead, it stemmed from access by a user who had legitimate credentials, a type of incident that appears in federal breach disclosures, which under the Health Insurance Portability and Accountability Act (HIPAA) must be reported to the U.S. Department of Health and Human Services within 60 days of discovery. DHS reported this incident on Jan. 16.

In Minnesota’s case, a user who was affiliated with a licensed health-care provider accessed data in the MnCHOICES system without authorization from Aug. 28 to Sept. 21, according to the agency website. MnCHOICES is used by counties, tribal nations, managed care organizations and consultation services providers to support their assessment and planning work for residents who need long-term services and support. The unnamed service provider has been terminated from using the system.

The HIPAA Journal reports that hacking and similar IT incidents account for most health-care security breaches, while unauthorized access and disclosure are also on the rise. These include errors, negligence, snooping and data theft, according to the report, with 112 reported to the federal government in 2025.

One specific example of the federal breach reports is an instance involving Jackson Health System, a county-owned public health system in Florida, which fired an employee for accessing patient information to promote a personal health-care business, according to a news release. The access occurred from July 2020 to May 2025.

In Minnesota, DHS confirmed that the user’s access to the MnCHOICES system was terminated Oct. 30. The system’s vendor hired a cybersecurity firm to investigate. The agency reported that there is no evidence that the accessed information has been misused, and its Office of Inspector General is monitoring billing data to identify potential fraudulent or inappropriate activity.

DHS has posted notifications to affected individuals and asked that they review health-care statements and look for anything suspicious.

Tags:

CybersecurityMinnesotaHealth and Human ServicesPrivacyState Government
News Staff
See More Stories by News Staff
Related Content
An emergency warning alert is shown as a red triangle with an exclamation point, "rising" from a man's cellphone as he clutches it.
Cybersecurity
Spokane County, Wash., Recovers From Attack on Alert System
January 22, 2026
The downtown cityscape of New London, Conn., and its waterfront ferry port on the Thames River.
Cybersecurity
Changes at Connecticut Port Authority After Phishing Attack
January 22, 2026
A red cloud symbol with a jagged black line through it and red lettering above it that reads "BREACH!" This is surrounded by light blue lines and circles against a black background.
Cybersecurity
Minnesota Human Services Data Breach May Affect 300K People
January 20, 2026
Silhouette of a person wearing headphones sitting in front of computer screens in a 911 dispatch center.
Cybersecurity
New Pact Will Up 911 Cybersecurity for Somerset County, Pa.
January 16, 2026
Aerial view of the Mississippi Capitol building.
Cybersecurity
Eleven States Have Signed Up for MS-ISAC’s New Paid Membership
January 16, 2026
 · Rae D. DeShong
Missouri capitol
Cybersecurity
Missouri Bill Would Eliminate Cybersecurity Task Force
January 15, 2026
gov-footer-logo-2024.png
GT-footer-logo.png
II-footer-logo.png
NAV-footer-logo.png
CDG-footer-logo.png
CDE-footer-logo.png
CPSAI-footer-logo.png
EM-footer-logo.png