Indian Health Board of Minneapolis Investigated for Data Breach Impacting Thousands
The Indian Health Board of Minneapolis, a nonprofit outpatient clinic serving over 5,000 patients annually in Hennepin County and the Twin Cities, disclosed a data breach on December 15, 2025, to the U.S. Department of Health and Human Services. The incident may have exposed sensitive personally identifiable information (PII) and protected health information (PHI) of current and former patients, though the exact number of affected individuals and the full scope of compromised data remain undisclosed.
The clinic, operational since 1971, provides medical, dental, psychiatric, and community health services, including HIV testing and substance abuse treatment. Legal firm Shamis & Gentile P.A., specializing in data breach class actions, is investigating the incident on behalf of potential victims.
Affected individuals may face risks such as identity theft, fraud, and privacy violations. Under state and federal law, those impacted could be entitled to compensation for damages, including time spent addressing the breach, emotional distress, and out-of-pocket expenses. Even without immediate harm, victims may qualify to join a class action lawsuit.
The breach underscores ongoing vulnerabilities in healthcare data security, particularly for organizations handling sensitive patient information. Further details on the breach’s cause and remediation efforts have not been released.
Source: https://www.claimdepot.com/investigations/indian-health-board-of-minneapolis-data-breach-2026
Indian Health Board of Minneapolis, Inc. cybersecurity rating report: https://www.rankiteo.com/company/indian-health-board-of-minneapolis-inc-
"id": "IND1769569769",
"linkid": "indian-health-board-of-minneapolis-inc-",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Thousands (exact number '
'undisclosed)',
'industry': 'Healthcare',
'location': 'Hennepin County, Twin Cities, Minnesota, '
'USA',
'name': 'Indian Health Board of Minneapolis',
'size': 'Serves over 5,000 patients annually',
'type': 'Nonprofit Outpatient Clinic'}],
'customer_advisories': 'Affected individuals may face risks such as identity '
'theft, fraud, and privacy violations. They may '
'qualify for compensation for damages, including time '
'spent addressing the breach, emotional distress, and '
'out-of-pocket expenses.',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_publicly_disclosed': '2025-12-15',
'description': 'The Indian Health Board of Minneapolis disclosed a data '
'breach on December 15, 2025, which may have exposed sensitive '
'personally identifiable information (PII) and protected '
'health information (PHI) of current and former patients. The '
'exact number of affected individuals and the full scope of '
'compromised data remain undisclosed.',
'impact': {'data_compromised': 'Personally Identifiable Information (PII), '
'Protected Health Information (PHI)',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential compensation for damages under '
'state and federal law'},
'investigation_status': 'Under investigation',
'references': [{'source': 'U.S. Department of Health and Human Services'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit',
'regulations_violated': ['State and federal data '
'protection laws'],
'regulatory_notifications': 'U.S. Department of '
'Health and Human '
'Services'},
'response': {'third_party_assistance': 'Shamis & Gentile P.A. (legal '
'investigation)'},
'title': 'Indian Health Board of Minneapolis Data Breach',
'type': 'Data Breach'}