MDHS A.I CyberSecurity Scoring
MDHS
Company Information
Website:http://mn.gov/dhs
Employees number:1,876
Number of followers:34,170
NAICS:92
Industry Type:Government Administration
Homepage:mn.gov
MDHS Risk Score (AI oriented)
Between 0 and 549
MDHSGovernment Administration
Updated:
09/07/2026
09/07/2026
195/1000
Critical
C
MDHS Global Score (TPRM)
xxxx
MDHSGovernment Administration
Score locked

MDHSCritical
Current Score
195C (CRITICAL)
01000
10 incidents
-109.6 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
195
JUNE 2026
186
MAY 2026
171
APRIL 2026
249
Breach
07 Apr 2026 • MDHS
Minnesota Department of Human Services: Aitkin County HHS Data Breach Affects 83,114 Individuals
Aitkin County Health and Human Services Data Breach Exposes Sensitive Information of 83,114 Individuals
160
CRITICAL-89
MIN1783615462
Aitkin County Health and Human Services Data Breach Exposes Sensitive Information of 83,114 Individuals
Aitkin County Health and Human Services (HHS) in Minnesota disclosed a data breach affecting 83,114 individuals across the U.S. after cybercriminals gained unauthorized access to three county email accounts between April 7 and April 8, 2026. The intrusion was detected when an employee’s account began sending phishing emails.
An investigation by third-party cybersecurity consultants revealed that attackers downloaded the contents of the compromised accounts. A subsequent review uncovered a Minnesota Department of Human Services (DHS) report in one of the breached emails, containing MnCHOICES data including information on individuals both within and outside Aitkin County. The county confirmed on May 13, 2026, that the report inadvertently exposed additional individuals’ data, prompting collaboration with DHS to notify those affected.
The breach compromised a wide range of sensitive information, including:
- Personally Identifiable Information (PII): Names, addresses, dates of birth, Social Security numbers, and case identifying numbers.
- Protected Health Information (PHI): Medical records, diagnoses, treatment details, healthcare provider names, medications, health insurance IDs, and claims data.
- MnCHOICES-related data: Form types, statuses, modification dates, and service provider details.
Aitkin County reported the incident to the U.S. Department of Health and Human Services on June 17, 2026, and began notifying affected individuals the same day. A public notice was also posted on the county’s website for those without available contact information. The county established a toll-free helpline (1-844-817-0953) for inquiries and offered affected individuals the option to request a detailed investigation report by mail.
The breach highlights the risks of email-based attacks on public health systems and the potential for widespread exposure of sensitive data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
247
FEBRUARY 2026
227
JANUARY 2026
314
Breach
16 Jan 2026 • MDHS
FEI Systems: Minnesota Department of Human Services data breach impacts 300K
Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals
222
CRITICAL-92
FEI1768877970
Minnesota DHS Data Breach Exposes Personal Information of Nearly 304,000 Individuals
In late August, an unauthorized user affiliated with a licensed healthcare provider accessed sensitive data in Minnesota’s MnCHOICES system a platform used by counties, tribes, and agencies to assess and plan long-term services for vulnerable populations. The breach persisted for nearly a month before being detected.
The unauthorized access included names, dates of birth, addresses, phone numbers, Medicaid IDs, and the last four digits of Social Security numbers for nearly 304,000 individuals. For 1,206 people, additional details such as ethnicity, birth records, physical traits, education, income, and benefits were exposed.
The user, who had legitimate but limited access to MnCHOICES, exceeded their authorized permissions by retrieving more data than necessary for their role. Access was revoked on October 30 after FEI Systems, the vendor managing the system, detected unusual activity in mid-November and reported it to the state. A forensic investigation was subsequently launched.
The Minnesota Department of Human Services (DHS) stated there is no evidence the data was misused, though the Office of Inspector General is monitoring billing records for potential fraud. Affected individuals were notified via a January 16 letter, nearly four months after the breach occurred. The delay was attributed to the need to verify impacted records and complete the investigation before issuing notices.
In response, DHS implemented additional technical safeguards and reported the incident to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services. The breach highlights vulnerabilities in systems handling sensitive health and social services data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
301
NOVEMBER 2025
383
Breach
01 Nov 2025 • MDHS
FEI Systems and Minnesota Department of Health and Human Services: Minnesota Health Program Faces Data Breach Affecting 300,000
Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program
292
CRITICAL-91
FEIMIN1769103080
Minnesota DHS Reports Data Breach Affecting 300,000 in MnCHOICES Program
The Minnesota Department of Health and Human Services (DHS) is notifying residents after a data breach exposed sensitive information from approximately 300,000 users of the MnCHOICES program. The incident, discovered in November, involved unauthorized access by a "provider-associated" user within the web-based system, which is used by counties, Tribal Nations, and managed care facilities to assess long-term care and support eligibility.
FEI Systems, the vendor managing the program, alerted state officials to the breach. While the unauthorized user has since been blocked, a forensic analysis confirmed that the accessed data has not been misused. The compromised information may include personal and medical details used in eligibility determinations.
Affected individuals will receive letters from the Minnesota DHS with guidance to monitor their medical statements for suspicious activity. The Minnesota DHS Office of Inspector General is leading the ongoing investigation into the incident.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
OCTOBER 2025
383
SEPTEMBER 2025
558
Breach
21 Sep 2025 • MDHS
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System
374
CRITICAL-184
FEIMIN1768969952
Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor System
The Minnesota Department of Human Services (DHS) is notifying nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a third-party IT platform managed by FEI Systems. The system is used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support.
The breach was detected on November 18, 2025, when FEI Systems identified "unusual user activity" and reported it to DHS the following day. An investigation revealed that a healthcare worker affiliated with a licensed provider accessed data beyond their authorized scope between August 28 and September 21, 2025. The state revoked the provider’s access on October 30, 2025, and FEI commissioned a forensic review at DHS’s request.
Exposed data includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, and sensitive details such as ethnicity, income, and program eligibility. While 303,965 individuals had demographic information accessed, an additional 1,206 had more extensive records compromised. Authorities found no evidence of external hacking, and the DHS Office of Inspector General is monitoring for potential fraud.
The incident was reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the unauthorized user was not a DHS employee, no disciplinary action was taken by the agency. FEI Systems has not provided further comment.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
21 Sep 2025 • MDHS
FEI Systems and Minnesota Department of Human Services: Minnesota Agency Notifies 304,000 of Vendor Breach
Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse
374
CRITICAL-184
FEIMIN1768948386
Minnesota Agency Reports 304,000-Person Data Breach Linked to Vendor Access Misuse
The Minnesota Department of Human Services (DHS) has notified nearly 304,000 individuals of a data breach involving unauthorized access to its MnChoices system, a platform used by counties, tribal nations, and managed care organizations to assess eligibility for long-term services, including disability, housing, and mental health support. The system is managed by third-party vendor FEI Systems.
On November 18, 2025, FEI detected "unusual user activity" and reported it to DHS the following day. An investigation revealed that between August 28 and September 21, 2025, a worker affiliated with a licensed healthcare provider accessed data beyond their authorized scope. While the user had legitimate access to limited information, they retrieved more data than necessary for their role. DHS revoked the provider’s access on October 30, 2025.
The breach exposed demographic details for 303,965 individuals, with an additional subset of 1,206 affected by further data exposure. Compromised information includes names, addresses, dates of birth, Medicaid IDs, partial Social Security numbers, ethnicity, race, financial eligibility details, and program-specific data.
Authorities found no evidence of external hacking. The DHS Office of Inspector General is monitoring billing records for potential fraud, while the incident has been reported to the Minnesota Office of the Legislative Auditor and the U.S. Department of Health and Human Services as a HIPAA breach. Since the user was not a DHS employee, no disciplinary action was taken by the agency. FEI has not provided further comment.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
SEPTEMBER 2025
649
Breach
16 Sep 2025 • MDHS
Minnesota Department of Human Services: Minnesota Department of Human Services data breach impacts 300K
Minnesota Department of Human Services Data Breach
557
CRITICAL-92
MIN1768885020
Minnesota Department of Human Services Data Breach Exposes Personal Information of 304,000 Individuals
A data breach at the Minnesota Department of Human Services (DHS) compromised the private information of nearly 304,000 individuals, the agency disclosed in a January 16 notification letter. The unauthorized access occurred approximately four months before affected individuals were informed.
The breach involved a system managed by the DHS, though the department stated there is no current evidence that the exposed data was misused. To mitigate potential risks, the agency’s Office of Inspector General is actively monitoring billing records for signs of fraudulent activity. Impacted individuals were advised to review their healthcare statements and credit reports for suspicious activity.
The DHS has not provided further details on the cause of the breach or the specific types of data accessed. The incident highlights ongoing vulnerabilities in state-managed systems handling sensitive personal information.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
648
AUGUST 2023
669
Breach
01 Aug 2023 • MDHS
Minnesota Department of Human Services: Data breach compromised records of 300K people at Minnesota human services department
Minnesota DHS Data Breach Affecting 304,000 Individuals
577
CRITICAL-92
MIN1768941399
Minnesota DHS Reports Data Breach Affecting 304,000 Individuals
The Minnesota Department of Human Services (DHS) recently disclosed a data breach impacting nearly 304,000 state residents, stemming from unauthorized access to the MnCHOICES system a platform used by counties, tribes, and managed care organizations to support individuals requiring long-term services.
The breach began in late August 2023, when a user affiliated with a healthcare provider accessed state data without proper authorization. While the individual had legitimate access to some MnCHOICES data, they exceeded their permissions, retrieving sensitive information over a one-month period. By the time the breach was detected on November 18, 2023, the unauthorized access had exposed demographic records, income data, and educational backgrounds of hundreds of thousands of individuals. For over 1,200 people, the breach included more detailed personal information, such as names, phone numbers, dates of birth, addresses, Medicaid ID numbers, and partial Social Security numbers.
The state’s investigation, conducted with assistance from FEI Systems (the IT vendor managing MnCHOICES) and an external cybersecurity firm, found no evidence of data misuse. However, notifications were issued out of caution. The Minnesota Office of Inspector General is monitoring billing records for potential fraud, with plans to refer any suspicious activity to law enforcement.
The DHS has not disclosed the identity of the unauthorized user or the healthcare provider involved. The incident highlights vulnerabilities in systems handling sensitive health and demographic data.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2022
732
Data Leak
01 Nov 2022 • MDHS
Minnesota Department of Human Services
Minnesota DHS Data Breach
651
HIGH-81
MIN164122123
Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program.
The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity.
DHS implemented new procedures to address the error that led to the incident, and communicated these procedure changes to staff.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JUNE 2020
713
Vulnerability
16 Jun 2020 • MDHS
Minnesota Department of Human Services (DHS)
Lack of Security Reviews Left Minnesota SNAP System Vulnerable to Breaches and Fraud
708
CRITICAL-5
MIN3124431112425
The Minnesota Department of Human Services (DHS) failed to conduct mandatory security reviews of its Supplemental Nutrition Assistance Program (SNAP) computer system in 2020 and 2023, as revealed by federal audits. This system stores highly sensitive personal data of over 440,000 SNAP beneficiaries, including private financial and identification details. The omission of these reviews was attributed to resource constraints, leaving the system vulnerable to un detected security gaps, breaches, or fraud risks. While the agency claimed compliance in March 2024 under the new oversight of the Department of Children, Youth and Families (DCYF), beneficiaries expressed deep concerns over data privacy and trust erosion in public assistance programs. The exposed vulnerabilities could enable unauthorized access to confidential records, potentially leading to identity theft, financial fraud, or misuse of personal information. The audits explicitly warned that such negligence heightens the likelihood of a breach, though no confirmed incident was reported. The failure underscores systemic weaknesses in safeguarding critical welfare infrastructure, risking long-term reputational and operational damage.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2018
767
Breach
01 Mar 2018 • MDHS
Minnesota Department of Human Services
Minnesota Department of Human Services Data Breach
679
CRITICAL-88
MIN21149222
Minnesota Department of Human Services suffered a data breach through an employee’s e-mail account.
The attack exposed the personal information of about 11,000 people.
The hackers were immediately detected and the servers were secured.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for MDHS ??
What was MDHS's A.I Rankiteo Cyber Score in June 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in May 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in April 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in March 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in February 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in January 2026 ??
What was MDHS's A.I Rankiteo Cyber Score in December 2025 ??
What was MDHS's A.I Rankiteo Cyber Score in November 2025 ??
What was MDHS's A.I Rankiteo Cyber Score in October 2025 ??
What was MDHS's A.I Rankiteo Cyber Score in September 2025 ??
What was MDHS's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on MDHS's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with MDHS ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view MDHS's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?