Two phishing attacks on Minnesota DHS breach 21,000 patient records
October 12, 2018 / Jessica Davis
Two employees of the Minnesota Department of Human Services fell for phishing attacks, which potentially breached 21,000 patient records over the course of more than one month. The first email compromise began on June 28, the second on July 9, but officials said the IT department did not discover the hack until August. The subsequent investigation could not determine whether the hackers were able to access or copy the emails. Both accounts were secured upon discovering the hack. Most of the patients impacted by the breach had interacted with the State Medical Review Team, while others had received services from the DHS Direct Care and Treatment facilities. The emails in question contained names, addresses, phone numbers, Social Security numbers, employment information, and other personal data.