A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people.
There is not evidence the data was misused, the department said in a Jan. 16 letter notifying impacted individuals. The letter was sent about four months after the breach occurred.
The department said in a statement that its Office of Inspector General has been monitoring billing information to identify whether the data was used to commit fraud.
The breach comes as federal prosecutors have been examining allegations of widespread fraud in numerous state social services programs, which has landed Minnesota in the national spotlight.
For nearly a month starting in late August, a user affiliated with a licensed health care provider accessed data in the state MnCHOICES system without authorization, the notification letter states. Counties, tribes and others use the MnCHOICES system to do assessments and planning for Minnesotans who need long-term services and supports.
The user accessed people’s names, sex, date of birth, phone number, address, Medicaid ID and the last four digits of their social security number. They got additional data for 1,206 people, including demographic information, such as their ethnicity, birth record, physical traits, education, income and benefits.
The user that got the data was authorized to access limited information in the MnCHOICES system but “accessed more data than was reasonably necessary to perform work assignments,” the state’s letter says. The user hasn’t had access to the system since Oct. 30.
The state asked people affected by the breach to review their health care statements and credit reports and flag anything suspicious.
