The Minnesota Department of Human Services (DHS) issued a notice to thousands of residents after a data breach may have exposed their personal health information.
According to the notice, hackers gained access to the email accounts of two DHS employees and sent out spam emails using their accounts. The phishing attacks likely happened around June 28 and July 9.
The employees’ email accounts contained the information of several people who interacted with DHS. Information that may have been exposed included: first and last names, dates of birth, Social Security numbers, addresses, telephone numbers, medical information, educational records, employment records and/or financial information.
While the notice didn’t directly state how many individuals had their information exposed during the phishing attacks, a report by the the Star Tribune cited about 21,000 Minnesotans’ information was affected during the incident.
DHS said there’s no evidence if information was viewed, downloaded or misused, and encouraged people to protect themselves against identity theft by monitoring credit reports.
“We continue to work hard to protect against these and other types of data security incidents. We teach DHS employees about email best practices and how to respond to data security incidents,” the notice said. “We use the technology at our disposal to its fullest potential to prevent and mitigate data security incidents, and push for security technology upgrades. We update relevant policies and procedures.”
Danielle covers Clinical Innovation & Technology as a senior news writer for TriMed Media. Previously, she worked as a news reporter in northeast Missouri and earned a journalism degree from the University of Illinois at Urbana-Champaign. She's also a huge fan of the Chicago Cubs, Bears and Bulls.