Minnesota DHS Announces Significant IT System Data Breach, Over 300,000 Affected

The Minnesota Department of Human Services reported a significant data security breach involving unauthorised access to a vendor-managed IT system by an individual associated with a healthcare provider.

 

The Minnesota Department of Human Services (DHS) oversees essential programs that help vulnerable Minnesotans meet basic needs and achieve stability, including medical assistance, nutrition support, child welfare, and services for seniors, people with disabilities, and those facing mental health or substance use challenges.

 

In a data security notice on its website, DHS said it was notified in November by FEI Systems—the vendor that manages the MnCHOICES system—of an incident affecting the system. MnCHOICES is used by counties, Tribal Nations, and managed care organisations to help assess and plan long-term services and support for Minnesotans in need.

 

The investigation concluded that a user associated with a healthcare provider accessed the MnCHOICES system without authorisation, resulting in the exposure of demographic records for over 300,000 individuals and additional data for 1,206 others.

 

“DHS and its vendor, FEI Systems, confirmed that the unauthorised access stopped on September 21, 2025. The user’s access to MnCHOICES was fully removed on October 30, 2025,” Minnesota DHS said.

 

While the Minnesota DHS did not share details about which healthcare provider the individual belonged to or the full nature of the compromised information, it confirmed that sensitive personal data—including the last four digits of Social Security numbers—were accessed. The agency also confirmed that personal banking and credit card information are not in the system and were not accessed.

 

Minnesota DHS added that it has identified at least 303,965 individuals affected by the incident. 

 

“DHS ordered a forensic investigation to be completed by the vendor. At this time there is no evidence information has been misused. Additional safeguards have been put in place to prevent similar incidents.

 

“The DHS Office of Inspector General is aware of this incident and has developed data-driven processes to monitor and evaluate billing information, in an effort to identify whether there was fraudulent or inappropriate use of the accessed data. If potential fraud is identified, DHS will fully investigate and when appropriate refer those matters to law,” the agency added.