New probe launched into DHS’ ‘serious data breach’

Oct. 22, 2018

The Minnesota Office of Legislative Auditor has begun an investigation into the Department of Human Services’ handling of two security breaches, in which as many as 21,000 low-income Minnesotans on medical assistance may have had personal information compromised.

“I’m concerned about the lack of prompt reporting of a serious data breach,” said James Nobles, legislative auditor.

Nobles said his office is still waiting for a formal report from DHS explaining the full extent to the breaches.

It was back on June 28 and July 9 that two DHS employees clicked on a link in an email, which led hackers into the accounts, potentially compromising data that could include social security numbers, phone numbers, medical information and much more.

DHS sent letters on Oct. 9 to those 21,000 Minnesotans about the breaches.

Lawmakers on the Senate’s Health and Human Services Committee discussed the incidents at a meeting Oct. 17 in St. Paul.

“Could you please try and help us connect why there was such a failure here of four months before folks were notified of the compromising situation of their private data?” asked Sen. Mary Kiffmeyer, (R) Big Lake.

The chief privacy official for DHS represented the agency and took a few questions.

To the question of the gap in time to notify those affected, Leah Flygare said once they learned of the potential breach, they immediately worked to identify each individual who may have been affected. She stresses it’s a process that simply takes time.

DHS released the following statement about the breaches:

“Under state and federal law, DHS must investigate and report breaches without unreasonable delay and no later than 60 days after it learns about the breach. We were notified about the breach by MNIT Services Aug. 13.  DHS worked as quickly as possible to investigate this breach – which involved a detailed and labor-intensive review of a large number of emails and documents — and to notify anyone who may be impacted by this breach.”

KSTP has the full article

Sponsored Recommendations

A Cyber Shield for Healthcare: Exploring HHS's $1.3 Billion Security Initiative

Unlock the Future of Healthcare Cybersecurity with Erik Decker, Co-Chair of the HHS 405(d) workgroup! Don't miss this opportunity to gain invaluable knowledge from a seasoned ...

Enhancing Remote Radiology: How Zero Trust Access Revolutionizes Healthcare Connectivity

This content details how a cloud-enabled zero trust architecture ensures high performance, compliance, and scalability, overcoming the limitations of traditional VPN solutions...

Spotlight on Artificial Intelligence

Unlock the potential of AI in our latest series. Discover how AI is revolutionizing clinical decision support, improving workflow efficiency, and transforming medical documentation...

Beyond the VPN: Zero Trust Access for a Healthcare Hybrid Work Environment

This whitepaper explores how a cloud-enabled zero trust architecture ensures secure, least privileged access to applications, meeting regulatory requirements and enhancing user...