Minnesota DHS data breach exposes over 300,000 records

Minnesota DHS data breach overview:

• Who: The Minnesota Department of Human Services (DHS) is addressing a data breach affecting nearly 304,000 individuals.
• Why: Unauthorized access to demographic records was identified, prompting an investigation.
• Where: The breach impacts individuals living in Minnesota and registered to the MnChoices system.

The Minnesota Department of Human Services has disclosed a significant data breach involving the unauthorized access of demographic records of more than 300,000 individuals.

The breach was linked to the MnChoices system, a tool used by counties, Tribal Nations and managed care organizations to assist in planning long-term services for state residents.

The breach was reported to Minnesota DHS by FEI Systems, the third-party vendor managing MnChoices, in November 2025. A user associated with a licensed healthcare provider accessed the data without proper authorization. This unauthorized access was halted on Sept. 21, 2025, and the user’s access was revoked by Oct. 30, 2025.

The breach primarily involved demographic information, but for 1,206 individuals, additional sensitive data, including some medical details and partial Social Security numbers, was accessed.

Despite a forensic investigation, it was impossible to pinpoint the exact data accessed for each individual.

“While the forensic investigation identified the categories of information accessed, it was not possible to determine, on a record-by-record basis, exactly what information was accessed for each individual,” as stated in an HIPAA Journal report.

DHS implements safeguards following MnChoices data breach

The Minnesota DHS has taken steps to address the data breach and prevent future incidents. A breach notification was sent to affected individuals on Jan. 16, and the DHS Office of Inspector General is actively monitoring for any fraudulent use of the accessed data.

“The DHS Office of Inspector General was made aware of the incident and has developed data-driven processes to monitor and evaluate billing information,” HIPAA reports.

In response to the breach, the DHS has enhanced its security measures and requested that individuals review their healthcare statements for any suspicious activity. The department has assured that no evidence of data misuse has been found so far.

Minnesota DHS is not offering credit monitoring services due to the limited nature of the data accessed. However, it urged affected individuals to remain vigilant and report any suspicious charges or services.

Anyone suspecting potential Medicaid fraud can report the incident by calling the Minnesota Department of Human Services at 651-431-2650.

The Minnesota DHS is not currently facing legal action over the data breach, but Top Class Actions follows such incidents closely as they sometimes lead to class action lawsuits.

In other news, the University of Phoenix and Oracle Corporation are being sued for failing to prevent a data breach affecting millions of students and not informing of the breach in a timely manner. 

Are you affected by the Minnesota Department of Human Services data breach? Let us know in the comments.

Read About More Class Action Lawsuits & Class Action Settlements:

• P&G hit with another class action over alleged lead in Tampax Pearl tampons
• Lyft class action alleges Priority Pickup service is slower than advertised
• Ford recalls over 119,000 Ford Focus and other vehicles due to engine heater fire risk
• Live It Up Super Greens supplement recalled due to salmonella outbreak