FEI Systems
Company Details
Linkedin ID:
fei-systems2
Website:
Employees number:
449
Number of followers:
24,114
NAICS:
5415
Industry Type:
Homepage:
feisystems.com
IP Addresses:
12
Company ID:
FEI_2669061
Scan Status:
Completed
FEI Systems Company CyberSecurity Posture
feisystems.com
FEI Systems is a leading information technology, services, and analysis organization. We specialize in healthcare solutions for federal, state, and local governments. For the past decade, we have been at the forefront in our primary areas of expertise: Behavioral Health Data Systems and Information Technology Solutions, Long Term Services and Supports Software Solutions, health IT, and all phases of the Software Development Life Cycle for Federal clients. At the heart of our success you'll find a talented team of experts who have helped our customers bridge the gap between the business needs of their organization, and the application of technologies required to successfully manage them.
FEI Systems A.I CyberSecurity Scoring
FEI Systems Risk Score (AI oriented)Between 0 and 549
FEI Systems
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
FEI Systems Global Score (TPRM)XXXX
FEI Systems
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
FEI Systems Company CyberSecurity News & History
Past Incidents
4
Attack Types
1
FEI Systems: Minnesota Department of Human Services data breach impacts 300K
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals In late August, an unauthorized user affiliated with a licensed healthcare provider accessed sensitive data in Minnesota’s MnCHOICES system a platform used by counties, tribes, and agencies to assess and plan long-term services for vulnerable populations. The breach persisted for nearly a month before being detected. The unauthorized access included names, dates of birth, addresses, phone numbers, Medicaid IDs, and the last four digits of Social Security numbers for nearly 304,000 individuals. For 1,206 people, additional details such as ethnicity, birth records, physical traits, education, income, and benefits were exposed. The user, who had legitimate but limited access to MnCHOICES, exceeded their authorized permissions by retrieving more data than necessary for their role. Access was revoked on October 30 after FEI Systems, the vendor managing the system, detected unusual activity in mid-November and reported it to the state. A forensic investigation was subsequently launched. The Minnesota Department of Human Services (DHS) stated there is no evidence the data was misused, though the Office of Inspector General is monitoring billing records for potential fraud. Affected individuals were notified via a January 16 letter, nearly four months after the breach occurred. The delay was attributed to the need to verify impacted records and complete the investigation before issuing notices. In response, DHS implemented additional technical safeguards and reported the incident to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services. The breach highlights vulnerabilities in systems handling sensitive health and social services data.
FEI Systems and Minnesota Department of Health and Human Services: Minnesota Health Program Faces Data Breach Affecting 300,000
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident, discovered in November, involved unauthorized access by a "provider-associated" user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility. FEI Systems, the vendor managing the program, alerted state officials to the breach. While the unauthorized user has since been blocked, a forensic analysis confirmed that the accessed data has not been misused. The compromised information may include personal and medical details used in eligibility determinations. Affected individuals will receive letters from the Minnesota DHS with guidance to monitor their medical statements for suspicious activity. The Minnesota DHS Office of Inspector General is leading the ongoing investigation into the incident.
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse The Minnesota Department of Human Services (DHS) has notified nearly 304,000 individuals of a data breach involving unauthorized access to its *MnChoices* system, a platform used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The system is managed by third-party vendor FEI Systems. On November 18, 2025, FEI detected "unusual user activity" and reported it to DHS the following day. An investigation revealed that between August 28 and September 21, 2025, a worker affiliated with a licensed healthcare provider accessed data beyond their authorized scope. While the user had legitimate access to limited information, they retrieved more data than necessary for their role. DHS revoked the provider’s access on October 30, 2025. The breach exposed demographic details for 303,965 individuals, with an additional subset of 1,206 affected by further data exposure. Compromised information includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data. Authorities found no evidence of external hacking. The DHS Office of Inspector General is monitoring billing records for potential fraud, while the incident has been reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the user was not a DHS employee, no disciplinary action was taken by the agency. FEI has not provided further comment.
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System The Minnesota Department of Human Services (DHS) is notifying nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a third-party IT platform managed by FEI Systems. The system is used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The breach was detected on November 18, 2025, when FEI Systems identified "unusual user activity" and reported it to DHS the following day. An investigation revealed that a healthcare worker affiliated with a licensed provider accessed data beyond their authorized scope between August 28 and September 21, 2025. The state revoked the provider’s access on October 30, 2025, and FEI commissioned a forensic review at DHS’s request. Exposed data includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, and sensitive details such as ethnicity, income, and program eligibility. While 303,965 individuals had demographic information accessed, an additional 1,206 had more extensive records compromised. Authorities found no evidence of external hacking, and the DHS Office of Inspector General is monitoring for potential fraud. The incident was reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the unauthorized user was not a DHS employee, no disciplinary action was taken by the agency. FEI Systems has not provided further comment.
FEI Systems Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for FEI Systems
Incidents vs IT Services and IT Consulting Industry Average (This Year)
FEI Systems has 55.95% fewer incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
FEI Systems has 28.57% fewer incidents than the average of all companies with at least one recorded incident.
Incident Types FEI Systems vs IT Services and IT Consulting Industry Avg (This Year)
FEI Systems reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — FEI Systems (X = Date, Y = Severity)
FEI Systems cyber incidents detection timeline including parent company and subsidiaries
FEI Systems Company Subsidiaries
FEI Systems is a leading information technology, services, and analysis organization. We specialize in healthcare solutions for federal, state, and local governments. For the past decade, we have been at the forefront in our primary areas of expertise: Behavioral Health Data Systems and Information Technology Solutions, Long Term Services and Supports Software Solutions, health IT, and all phases of the Software Development Life Cycle for Federal clients. At the heart of our success you'll find a talented team of experts who have helped our customers bridge the gap between the business needs of their organization, and the application of technologies required to successfully manage them.
Loading...
FEI Systems Similar Companies
NTT DATA North America
NTT DATA, Inc. is a trusted global innovator of business and technology services. We're committed to helping clients innovate, optimize and transform for long-term success. Our R&D investments help organizations and society move confidently and sustainably into the digital future. As a Global Top Em
Oracle
We’re a cloud technology company that provides organizations around the world with computing infrastructure and software to help them innovate, unlock efficiencies and become more effective. We also created the world’s first – and only – autonomous database to help organize and secure our customers’
Luxoft, a DXC Technology Company (NYSE: DXC), is a digital strategy and software engineering firm providing bespoke technology solutions that drive business change for customers the world over. Acquired by U.S. company DXC Technology in 2019, Luxoft is a global operation in 44 cities and 21 countrie
Amadeus
We make the experience of travel better for everyone, everywhere by inspiring innovation, partnerships and responsibility to people, places and planet. Our technology powers the travel and tourism industry. We inspire more connected ways of thinking, centered around the traveler. Our platform c
FIS
Unlocking financial technology. Bringing the world’s money into harmony. At FIS, we advance the way the world pays, banks, and invests. With decades of expertise, we provide financial technology solutions to financial institutions, businesses, and developers. Headquartered in Jacksonville, Florida,
SoftwareOne
SoftwareOne is a global software and cloud solutions provider. With a presence in over 70 countries and a team of around 13,000 professionals, we combine global scale and local expertise to help clients optimize costs, accelerate growth, and navigate complex IT environments with confidence. Leveragi
Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a
Appen
Appen has been a leader in AI training data for over 25 years, providing high-quality, diverse datasets that power the world's leading AI models. Our end-to-end platform, deep expertise, and scalable human-in-the-loop services enable AI innovators to build and optimize cutting-edge models. We spec
LTIMindtree
LTIMindtree is a global technology consulting and digital solutions company that partners with enterprises across industries to reimagine business models, accelerate innovation, and drive AI-centric growth. Trusted by more than 700 clients worldwide, we use advanced technologies to enable operationa
.png)
FEI Systems CyberSecurity News
January 20, 2026 01:13 AM
Minnesota Department of Human Services data breach impacts 300K
A breach in a Minnesota Department of Human Services system allowed inappropriate access to the private data of nearly 304,000 people.
October 21, 2025 07:00 AM
AWS October 2025 Outage: What Financial Executives Must Learn About Cloud Risk Management
On October 20, 2025, AWS experienced a major outage that disrupted global operations. Learn how CFOs and financial executives can mitigate...
September 16, 2025 07:00 AM
Cybersecurity jobs available right now: September 16, 2025
Here are the worldwide cybersecurity job openings available as of September 16, 2025, including on-site, hybrid, and remote roles.
February 14, 2024 08:00 AM
Meet ETCIO SEA Transformative CIOs 2023 Winner Shao Fei Huang
Shaofei Huang is the Chief Information Security Officer for Singapore's public transport service provider SMRT Corporation Ltd.
November 02, 2022 07:00 AM
Rail cybersecurity leader Cylus appoints SMRT CISO Shao Fei Huang to advisory board
Shao Fei Huang, Group CISO of SMRT Corporation Ltd, will support Cylus' product development and expansion globally.
July 05, 2022 07:00 AM
SMRT Corporation finds new CISO - Industry Movements - Security
SMRT Corporation, Singapore's public transport operator, has appointed Huang Shao Fei as its chief information security officer.
December 14, 2021 08:00 AM
Satisfying Your AML Obligations After a Cybersecurity Incident
There are several steps organizations should take to ensure compliance with SARs reporting for cyber events.
July 22, 2019 07:00 AM
Encryption everywhere
While encryption will deter data breaches, it comes with its own baggage — and keys It is not a question of if the bad actors will access...
February 26, 2018 08:00 AM
Cybersecurity in the Cloud Era
As CFOs assume greater responsibilities for operational risk management, it's critical to understand security, privacy, and compliance...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
FEI Systems CyberSecurity History Information
Official Website of FEI Systems
The official website of FEI Systems is http://www.feisystems.com.
FEI Systems’s AI-Generated Cybersecurity Score
According to Rankiteo, FEI Systems’s AI-generated cybersecurity score is 414, reflecting their Critical security posture.
How many security badges does FEI Systems’ have ?
According to Rankiteo, FEI Systems currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has FEI Systems been affected by any supply chain cyber incidents ?
According to Rankiteo, FEI Systems has been affected by multiple supply chain cyber incidents. The affected supply chain sources and their corresponding incident IDs are:
- FEI Systems (Incident ID: FEI1768877970)
- FEI Systems (Incident ID: FEIMIN1769103080)
- FEI Systems (Incident ID: FEIMIN1768948386)
- FEI Systems (Incident ID: FEIMIN1768969952)
Does FEI Systems have SOC 2 Type 1 certification ?
According to Rankiteo, FEI Systems is not certified under SOC 2 Type 1.
Does FEI Systems have SOC 2 Type 2 certification ?
According to Rankiteo, FEI Systems does not hold a SOC 2 Type 2 certification.
Does FEI Systems comply with GDPR ?
According to Rankiteo, FEI Systems is not listed as GDPR compliant.
Does FEI Systems have PCI DSS certification ?
According to Rankiteo, FEI Systems does not currently maintain PCI DSS compliance.
Does FEI Systems comply with HIPAA ?
According to Rankiteo, FEI Systems is not compliant with HIPAA regulations.
Does FEI Systems have ISO 27001 certification ?
According to Rankiteo,FEI Systems is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of FEI Systems
FEI Systems operates primarily in the IT Services and IT Consulting industry.
Number of Employees at FEI Systems
FEI Systems employs approximately 449 people worldwide.
Subsidiaries Owned by FEI Systems
FEI Systems presently has no subsidiaries across any sectors.
FEI Systems’s LinkedIn Followers
FEI Systems’s official LinkedIn profile has approximately 24,114 followers.
NAICS Classification of FEI Systems
FEI Systems is classified under the NAICS code 5415, which corresponds to Computer Systems Design and Related Services.
FEI Systems’s Presence on Crunchbase
No, FEI Systems does not have a profile on Crunchbase.
FEI Systems’s Presence on LinkedIn
Yes, FEI Systems maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/fei-systems2.
Cybersecurity Incidents Involving FEI Systems
As of January 24, 2026, Rankiteo reports that FEI Systems has experienced 4 cybersecurity incidents.
Number of Peer and Competitor Companies
FEI Systems has an estimated 38,514 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at FEI Systems ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does FEI Systems detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with yes, and third party assistance with fei systems (forensic investigation), and containment measures with access revoked on october 30, 2023, and remediation measures with additional technical safeguards implemented, and communication strategy with affected individuals notified via letter on january 16, 2024, and containment measures with access revoked for the provider on october 30, 2025, and communication strategy with notification to affected individuals, and third party assistance with forensic review commissioned by fei systems, and containment measures with access revoked for the unauthorized provider on october 30, 2025, and communication strategy with notifications sent to affected individuals, and third party assistance with fei systems (forensic analysis), and containment measures with unauthorized user blocked, and communication strategy with affected individuals notified via letters with guidance to monitor medical statements..
Incident Details
Can you provide details on each incident ?
Title: Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals
Description: In late August, an unauthorized user affiliated with a licensed healthcare provider accessed sensitive data in Minnesota’s MnCHOICES system, a platform used by counties, tribes, and agencies to assess and plan long-term services for vulnerable populations. The breach persisted for nearly a month before being detected. The unauthorized access included names, dates of birth, addresses, phone numbers, Medicaid IDs, and the last four digits of Social Security numbers for nearly 304,000 individuals. For 1,206 people, additional details such as ethnicity, birth records, physical traits, education, income, and benefits were exposed. The user exceeded their authorized permissions by retrieving more data than necessary for their role.
Date Detected: 2023-11-15
Date Publicly Disclosed: 2024-01-16
Date Resolved: 2023-10-30
Type: Data Breach
Attack Vector: Unauthorized Access
Vulnerability Exploited: Excessive Permissions
Threat Actor: Affiliated User (Licensed Healthcare Provider)
Title: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse
Description: The Minnesota Department of Human Services (DHS) has notified nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a platform used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The system is managed by third-party vendor FEI Systems. Unauthorized access occurred due to a worker affiliated with a licensed healthcare provider accessing data beyond their authorized scope.
Date Detected: 2025-11-18
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Excessive Data Access Permissions
Threat Actor: Worker affiliated with a licensed healthcare provider
Title: Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System
Description: The Minnesota Department of Human Services (DHS) is notifying nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a third-party IT platform managed by FEI Systems. The system is used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. A healthcare worker affiliated with a licensed provider accessed data beyond their authorized scope.
Date Detected: 2025-11-18
Type: Data Breach
Attack Vector: Insider Threat
Vulnerability Exploited: Unauthorized access by authorized user
Threat Actor: Healthcare worker affiliated with a licensed provider
Title: Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program
Description: The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident involved unauthorized access by a 'provider-associated' user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility.
Date Detected: 2023-11
Type: Data Breach
Attack Vector: Unauthorized access by insider
Threat Actor: Provider-associated user
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach FEI1768877970
Data Compromised: Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits
Systems Affected: MnCHOICES System
Brand Reputation Impact: Yes
Identity Theft Risk: Yes
Incident : Data Breach FEIMIN1768948386
Data Compromised: Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data
Systems Affected: MnChoices system
Identity Theft Risk: High
Incident : Data Breach FEIMIN1768969952
Data Compromised: Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility
Systems Affected: MnChoices system (FEI Systems)
Identity Theft Risk: Yes
Incident : Data Breach FEIMIN1769103080
Data Compromised: Personal and medical details used in eligibility determinations
Systems Affected: MnCHOICES web-based system
Identity Theft Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Identifiable Information, Medicaid Ids, Social Security Numbers (Last Four Digits), Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, , Personally Identifiable Information (PII), Medicaid IDs, partial SSNs, demographic data, financial eligibility details, program-specific data, Personally Identifiable Information (PII), Protected Health Information (PHI), Medicaid IDs, partial SSNs, demographic data, program eligibility details, Personal Information, Medical Details and .
Which entities were affected by each incident ?
Incident : Data Breach FEI1768877970
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare & Social Services
Location: Minnesota, USA
Customers Affected: 304,000 individuals
Incident : Data Breach FEIMIN1768948386
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare & Social Services
Location: Minnesota, USA
Customers Affected: 303,965 individuals (plus 1,206 with additional data exposure)
Incident : Data Breach FEIMIN1768948386
Entity Name: FEI Systems
Entity Type: Third-Party Vendor
Industry: IT Services
Incident : Data Breach FEIMIN1768969952
Entity Name: Minnesota Department of Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare / Social Services
Location: Minnesota, USA
Customers Affected: 303,965 individuals (demographic data), 1,206 individuals (extensive records)
Incident : Data Breach FEIMIN1768969952
Entity Name: FEI Systems
Entity Type: IT Vendor
Industry: Technology / Healthcare IT
Incident : Data Breach FEIMIN1769103080
Entity Name: Minnesota Department of Health and Human Services (DHS)
Entity Type: Government Agency
Industry: Healthcare / Social Services
Location: Minnesota, USA
Customers Affected: 300,000
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach FEI1768877970
Incident Response Plan Activated: Yes
Third Party Assistance: FEI Systems (Forensic Investigation)
Containment Measures: Access revoked on October 30, 2023
Remediation Measures: Additional technical safeguards implemented
Communication Strategy: Affected individuals notified via letter on January 16, 2024
Incident : Data Breach FEIMIN1768948386
Containment Measures: Access revoked for the provider on October 30, 2025
Communication Strategy: Notification to affected individuals
Incident : Data Breach FEIMIN1768969952
Third Party Assistance: Forensic review commissioned by FEI Systems
Containment Measures: Access revoked for the unauthorized provider on October 30, 2025
Communication Strategy: Notifications sent to affected individuals
Incident : Data Breach FEIMIN1769103080
Third Party Assistance: FEI Systems (forensic analysis)
Containment Measures: Unauthorized user blocked
Communication Strategy: Affected individuals notified via letters with guidance to monitor medical statements
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Yes.
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through FEI Systems (Forensic Investigation), Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach FEI1768877970
Type of Data Compromised: Personal identifiable information, Medicaid ids, Social security numbers (last four digits), Ethnicity, Birth records, Physical traits, Education, Income, Benefits
Number of Records Exposed: 304,000 (1,206 with additional sensitive data)
Sensitivity of Data: High
Data Exfiltration: No evidence of misuse
Personally Identifiable Information: Yes
Incident : Data Breach FEIMIN1768948386
Type of Data Compromised: Personally Identifiable Information (PII), Medicaid IDs, partial SSNs, demographic data, financial eligibility details, program-specific data
Number of Records Exposed: 303,965 (plus 1,206 with additional exposure)
Sensitivity of Data: High
Personally Identifiable Information: Names, addresses, dates of birth, partial Social Security numbers, ethnicity, race
Incident : Data Breach FEIMIN1768969952
Type of Data Compromised: Personally Identifiable Information (PII), Protected Health Information (PHI), Medicaid IDs, partial SSNs, demographic data, program eligibility details
Number of Records Exposed: 304,000+
Sensitivity of Data: High
Personally Identifiable Information: Names, addresses, dates of birth, partial Social Security numbers, ethnicity, income
Incident : Data Breach FEIMIN1769103080
Type of Data Compromised: Personal information, Medical details
Number of Records Exposed: 300,000
Sensitivity of Data: High
Data Exfiltration: Not confirmed
Personally Identifiable Information: Yes
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Additional technical safeguards implemented.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by access revoked on october 30, 2023, access revoked for the provider on october 30, 2025, access revoked for the unauthorized provider on october 30, 2025 and unauthorized user blocked.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach FEI1768877970
Regulatory Notifications: Minnesota Office of the Legislative AuditorU.S. Department of Health and Human Services
Incident : Data Breach FEIMIN1768948386
Regulations Violated: HIPAA,
Regulatory Notifications: Minnesota Office of the Legislative AuditorU.S. Department of Health and Human Services
Incident : Data Breach FEIMIN1768969952
Regulations Violated: HIPAA
Regulatory Notifications: Reported to U.S. Department of Health and Human Services, Minnesota Office of the Legislative Auditor
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Data Breach FEI1768877970
Lessons Learned: Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring.
What recommendations were made to prevent future incidents ?
Incident : Data Breach FEI1768877970
Recommendations: Implement additional technical safeguards, enhance monitoring of user permissions, and expedite breach notification processes.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement additional technical safeguards, enhance monitoring of user permissions and and expedite breach notification processes..
References
Where can I find more information about each incident ?
Incident : Data Breach FEI1768877970
Source: Minnesota Department of Human Services
Incident : Data Breach FEIMIN1768948386
Source: Cyber Incident Description
Incident : Data Breach FEIMIN1768969952
Source: Minnesota Department of Human Services
Incident : Data Breach FEIMIN1769103080
Source: Minnesota DHS
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Minnesota Department of Human Services, and Source: Cyber Incident Description, and Source: Minnesota Department of Human Services, and Source: Minnesota DHS.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach FEI1768877970
Investigation Status: Completed
Incident : Data Breach FEIMIN1768948386
Investigation Status: Ongoing (DHS Office of Inspector General monitoring billing records for fraud)
Incident : Data Breach FEIMIN1768969952
Investigation Status: Ongoing (DHS Office of Inspector General monitoring for fraud)
Incident : Data Breach FEIMIN1769103080
Investigation Status: Ongoing (led by Minnesota DHS Office of Inspector General)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Affected individuals notified via letter on January 16, 2024, Notification to affected individuals, Notifications sent to affected individuals and Affected individuals notified via letters with guidance to monitor medical statements.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach FEI1768877970
Customer Advisories: Affected individuals notified via letter on January 16, 2024
Incident : Data Breach FEIMIN1768948386
Customer Advisories: Notification sent to affected individuals
Incident : Data Breach FEIMIN1768969952
Customer Advisories: Notifications sent to affected individuals
Incident : Data Breach FEIMIN1769103080
Customer Advisories: Letters sent to affected individuals with monitoring guidance
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Affected individuals notified via letter on January 16, 2024, Notification sent to affected individuals, Notifications sent to affected individuals and Letters sent to affected individuals with monitoring guidance.
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach FEI1768877970
Root Causes: Excessive user permissions, delayed detection of unauthorized access
Corrective Actions: Additional technical safeguards implemented, stricter access controls
Incident : Data Breach FEIMIN1768948386
Root Causes: Excessive data access permissions granted to a third-party worker
Incident : Data Breach FEIMIN1768969952
Root Causes: Unauthorized access by an authorized user beyond their scope
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as FEI Systems (Forensic Investigation), Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Additional technical safeguards implemented, stricter access controls.
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident were an Affiliated User (Licensed Healthcare Provider), Worker affiliated with a licensed healthcare provider, Healthcare worker affiliated with a licensed provider and Provider-associated user.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2023-11-15.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-01-16.
What was the most recent incident resolved ?
Most Recent Incident Resolved: The most recent incident resolved was on 2023-10-30.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data, Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility and Personal and medical details used in eligibility determinations.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was FEI Systems (Forensic Investigation), Forensic review commissioned by FEI Systems, FEI Systems (forensic analysis).
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Access revoked on October 30, 2023, Access revoked for the provider on October 30, 2025, Access revoked for the unauthorized provider on October 30, 2025 and Unauthorized user blocked.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Demographic details, names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data, Personal Information, Medicaid IDs, Last Four Digits of SSNs, Ethnicity, Birth Records, Physical Traits, Education, Income, Benefits, Names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, income, program eligibility and Personal and medical details used in eligibility determinations.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.2M.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Vulnerabilities in systems handling sensitive health and social services data; need for stricter access controls and monitoring.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement additional technical safeguards, enhance monitoring of user permissions and and expedite breach notification processes..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Cyber Incident Description, Minnesota DHS and Minnesota Department of Human Services.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed.
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Affected individuals notified via letter on January 16, 2024, Notification sent to affected individuals, Notifications sent to affected individuals and Letters sent to affected individuals with monitoring guidance.
Post-Incident Analysis
What was the most significant root cause identified in post-incident analysis ?
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Excessive user permissions, delayed detection of unauthorized access, Excessive data access permissions granted to a third-party worker, Unauthorized access by an authorized user beyond their scope.
What was the most significant corrective action taken based on post-incident analysis ?
Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Additional technical safeguards implemented, stricter access controls.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description
A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.
Description
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.
Description
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=fei-systems2' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
