The department sent affected individuals — all of whom had interacted with the department between October 2010 and July 2018 — a notice dated Oct. 9. Most of the affected individuals had interacted with Minnesota’s State Medical Review Team, which determines disability status as required under various programs.
Department officials told KSTP that the accounts may have been accessed after two employees clicked on a link they received in a phishing email.
In a statement posted on its website, the department said, “We currently have no evidence that this information was actually clicked, viewed, downloaded or misused.”
It is unclear what specific personal information was compromised, but the department notified HHS’ Office for Civil Rights, which requires entities to report breaches of more than 500 individuals’ protected health information.
More articles on cybersecurity:
Anthem’s $16M HIPAA settlement largest in history
Allscripts adds former Humana, IBM Watson Health leaders to payer, life sciences business
It takes healthcare organizations 55 days to detect a breach, survey finds
