
Minnesota Department of Human Services data breach affects 304K individuals


The Minnesota Department of Human Services has disclosed a data breach affecting approximately 304,000 individuals after a user affiliated with a licensed healthcare provider accessed state records without authorization.

 

What happened

Between August 28 and September 21, 2025, a user affiliated with a licensed healthcare provider accessed demographic records through MnCHOICES, a system used by counties, tribal nations, and managed care organizations to support assessment and planning for Minnesotans needing long-term services and support.

FEI Systems, the Maryland-based vendor that manages MnCHOICES, detected unusual activity in mid-November and notified the department. The user's access to the system was terminated on October 30, 2025. At the department's request, FEI Systems hired a cybersecurity firm to conduct a forensic investigation.

The user accessed names, sex, dates of birth, phone numbers, addresses, Medicaid ID numbers, and the last four digits of Social Security numbers for approximately 303,965 individuals. For 1,206 of those individuals, the user accessed additional demographic information including ethnicity, birth records, physical traits, education, income, and benefits data. The department reported the incident to the U.S. Department of Health and Human Services on January 16, 2026, and mailed notification letters to affected individuals beginning January 16.

 

The big picture

This incident represents a category of breach that appears frequently in federal healthcare breach disclosures: unauthorized access by users with legitimate credentials. According to the U.S. Department of Health and Human Services Office for Civil Rights (OCR) Breach Portal, while hacking and IT incidents account for most healthcare security breaches, unauthorized access and disclosure incidents are rising. These include errors, negligence, snooping, and data theft, with close to one hundred such incidents reported to the federal government in 2025.

The breach comes as federal prosecutors have been examining allegations of widespread fraud in Minnesota’s social services programs. The department’s Office of Inspector General (OIG) is monitoring billing information to determine whether the compromised data has been used to commit fraud.

 

Why it matters

Insider threats present distinct challenges for healthcare organizations. Unlike external attacks that exploit technical vulnerabilities, access-related breaches occur within systems functioning as designed. Users with legitimate credentials can access sensitive information without triggering traditional security alerts, making detection more difficult.

The approximately four-month gap between when the breach occurred and when affected individuals received notification reflects the complexity of investigating insider incidents. Organizations must verify the scope of unauthorized access, determine which records were viewed, and prepare individualized notices before disclosure.

Law firms including Lynch Carpenter and Srourian Law Firm have announced investigations into potential class action claims against the Minnesota Department of Human Services and FEI Systems.

 

What they're saying

The department acknowledged the incident in its notification letter to affected individuals. "Since learning of the incident, we have implemented additional technical safeguards to prevent similar incidents in the future," the letter states.

A department spokesperson explained the notification timeline. Officials needed to verify who was affected and prepare notices, which cannot be sent until the investigation is complete.

Regarding potential misuse of the data, the department stated, "If potential fraud is identified, DHS will fully investigate and when appropriate refer those matters to law enforcement."

 

What to watch

The department's Office of Inspector General continues monitoring billing data to identify potential fraudulent or inappropriate activity stemming from the breach. The forensic investigation has found no evidence that the accessed information has been misused, but monitoring remains ongoing.

Multiple law firms have opened investigations into potential class action litigation. Lynch Carpenter is investigating claims against both the Minnesota Department of Human Services and FEI Systems related to the breach.

Affected individuals have been advised to review healthcare statements and credit reports for suspicious activity and report suspected Medicaid fraud to the department.

 

FAQs

What is MnCHOICES?

MnCHOICES is a Minnesota state system used by counties, tribal nations, managed care organizations, and consultation services providers to support assessment and planning work for residents who need long-term services and support. The system helps coordinate care for vulnerable populations requiring ongoing assistance.

 

What is an insider threat?

An insider threat occurs when someone with authorized access to an organization's systems uses that access inappropriately. Unlike external attacks that breach security perimeters, insider threats involve users who already have legitimate credentials but access, share, or misuse information beyond the scope of their authorized duties.

 

What is the difference between a data breach and unauthorized access?

A data breach involves external attackers exploiting technical vulnerabilities to infiltrate systems and steal information. Unauthorized access occurs when someone with legitimate credentials accesses data beyond the scope of their authorized duties. Both result in compromised information, but unauthorized access incidents often evade traditional security measures because the user already has valid system permissions.
