Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program
The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident, discovered in November, involved unauthorized access by a "provider-associated" user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility.
FEI Systems, the vendor managing the program, alerted state officials to the breach. While the unauthorized user has since been blocked, a forensic analysis confirmed that the accessed data has not been misused. The compromised information may include personal and medical details used in eligibility determinations.
Affected individuals will receive letters from the Minnesota DHS with guidance to monitor their medical statements for suspicious activity. The Minnesota DHS Office of Inspector General is leading the ongoing investigation into the incident.
Source: https://minnesotasnewcountry.com/ixp/66/p/minnesota-health-data-security/
FEI Systems cybersecurity rating report: https://www.rankiteo.com/company/fei-systems2
Minnesota Department of Human Services cybersecurity rating report: https://www.rankiteo.com/company/minnesota-department-of-human-services
"id": "FEIMIN1769103080",
"linkid": "fei-systems2, minnesota-department-of-human-services",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '300,000',
'industry': 'Healthcare / Social Services',
'location': 'Minnesota, USA',
'name': 'Minnesota Department of Health and Human '
'Services (DHS)',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized access by insider',
'customer_advisories': 'Letters sent to affected individuals with monitoring '
'guidance',
'data_breach': {'data_exfiltration': 'Not confirmed',
'number_of_records_exposed': '300,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal information',
'Medical details']},
'date_detected': '2023-11',
'description': 'The Minnesota Department of Health and Human Services (DHS) '
'is notifying residents after a data breach exposed sensitive '
'information from approximately 300,000 users of the MnCHOICES '
'program. The incident involved unauthorized access by a '
"'provider-associated' user within the web-based system, which "
'is used by counties, Tribal Nations, and managed care '
'facilities to assess long-term care and support eligibility.',
'impact': {'data_compromised': 'Personal and medical details used in '
'eligibility determinations',
'identity_theft_risk': 'High',
'systems_affected': 'MnCHOICES web-based system'},
'investigation_status': 'Ongoing (led by Minnesota DHS Office of Inspector '
'General)',
'references': [{'source': 'Minnesota DHS'}],
'response': {'communication_strategy': 'Affected individuals notified via '
'letters with guidance to monitor '
'medical statements',
'containment_measures': 'Unauthorized user blocked',
'third_party_assistance': 'FEI Systems (forensic analysis)'},
'threat_actor': 'Provider-associated user',
'title': 'Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES '
'Program',
'type': 'Data Breach'}