The Minnesota Department of Human Services is notifying 21,000 individuals about a potential compromise of their personal information after it discovered an authorized third party gained access to two email accounts on two separate occasions, according to KSTP.
The department sent affected individuals — all of whom had interacted with the department between October 2010 and July 2018 — a notice dated Oct. 9. Most of the affected individuals had interacted with Minnesota's State Medical Review Team, which determines disability status as required under various programs.
Department officials told KSTP that the accounts may have been accessed after two employees clicked on a link they received in a phishing email.
In a statement posted on its website, the department said, "We currently have no evidence that this information was actually clicked, viewed, downloaded or misused."
It is unclear what specific personal information was compromised, but the department notified HHS' Office for Civil Rights, which requires entities to report breaches of more than 500 individuals' protected health information.