Insurance data compromised at Minnesota Department of Human Services

About 21,000 individuals receiving health insurance through the Minnesota Department of Human Services are affected by a potential breach.

The state agency is notifying those individuals that their protected health information may have been compromised following two phishing incidents at the department that occurred between June 28 and July 9.

The incidents involved hackers getting access to the state email accounts of two DHS employees and using the accounts to send out spam emails. Other executive agencies in DHS also were affected and the state’s information technology services secured the email accounts to stop the spread of phishing emails.


“We continue to work hard to protect against these and other types of data security incidents,” Emily Piper, the department commissioner, told affected individuals. “We teach DHS employees about email best practices and how to respond to data security incidents. We use the technology at our disposal to its fullest potential to prevent and mitigate data security incidents and push for security technology upgrades.”


The department is advising individuals to take steps to protect against identity theft: requesting an initial credit report and getting a free report every year from the three consumer credit reporting agencies, checking the credit report for transactions or accounts they do not recognize, and consulting the Federal Trade Commission website on identity theft if information in the credit report is not understood.

Because only a relatively small number of people affected by the breaches had their financial information compromised, an offer of protective services such as credit and identity theft protection was not included in the patient notification letter. However, the agency will respond to individual requests for protective services.

“We will also be preparing a report about these incidents,” Piper advised affected individuals. “You may ask us to send you a copy of this report by mail or email by writing or calling us. We sincerely regret these data security incidents and apologize for any impact they may have on you or your family.”

The department also issued a statement on the breach to Health Data Management:

“The Minnesota Department of Human Services takes very seriously our responsibility to protect the private information and data of Minnesotans and will continue our vigilant efforts to uphold the highest standards of IT security and data privacy.”
