State computer hackers threaten thousands of Minnesotans’ data
ST. PAUL — Computer hackers have gained access to thousands of Minnesotans’ data stored in state computers during the past year, including 35,000 people who deal with the Department of Human Services.
A key senator says the department must make progress in changing the situation.
“There is a pattern here that needs to be fixed,” said Sen. Michelle Benson, R-Ham Lake, the deputy Senate majority leader and chairwoman of the committee that decides Human Services funding.
Benson said on Wednesday, April 10, that she thinks new Human Services Commissioner Tony Lourey will do well — “I commend their transparency” — but she demanded to see progress before opening the purse strings.
Legislative committees are wrapping up their spending plans this week in preparation for passing a state budget before May 20.
“We have some questions that need to be answered to restore trust,” Benson said.
On Tuesday, Lourey notified legislators and those affected about a breach that happened 13 months ago.
The commissioner, who was a Benson colleague in the Senate, promised “to do everything we can to uphold the privacy of Minnesotans who receive services through our programs.”
The March 2018 incident involved a hacker who gained access to one employee’s email account and tried to get another Human Services worker to make a payment by wire transfer. The employee receiving the email thought it was suspicious and did not send the money.
“We currently have no evidence that the information contained in this account was actually viewed, downloaded or misused in any way,” Lourey wrote to Minnesotans potentially affected. “However, in an abundance of caution, we are providing you with this notice.”
The commissioner added: “Minnesota’s executive agencies, including DHS, are the frequent target of increasingly sophisticated cyberattacks. Partnering with Minnesota IT Services (MNIT), we have been able to successfully defend against the vast majority of these cyberattacks.”
MNIT reports that it blocks more than 8,000 emails threats to state computers each day.
“With further investment, we can improve our ability to detect and deflect email-based and other kinds of cyberattacks in the future to bring those numbers down,” a MNIT statement said.
With the House and governor’s office under Democratic control, and Republicans running the Senate, it is not clear how this year’s Legislature will deal with the situation.
“There’s a bipartisan fear of what these breaches can do,” said Sen. John Marty of Roseville, the top Democrat on Benson’s committee.
However, while Benson is ready to keep funding down until she is convinced Lourey’s department is on the right track, Marty said more money is needed because the state is far behind on the technology front.
Rapid staff turnover combines with aging software and hardware to make fixing the problems difficult.
Marty, in the Senate since 1986, said the problems have been evident for two or three decades. Legislators often hear about technological deficiencies, he said, but “we have other things we have to do.”
Spending money to upgrade computer systems is unlikely to attract votes in elections.
However, Marty said, as long as Minnesota state computer systems are aging, “we are sitting ducks” for hackers.
Computer problems have been front and center for Minnesota government the last couple of years.
The biggest problem was the motor vehicle title and registration system known as MNLARS. After Hewlett Packard failed in an effort to update the computer system, the state took over. Legislators have approved more than $100 million to fix the problem since the initial system rolled out in 2017. Work continues.
Benson rattled off a long list of Human Services computer failures, starting with the October 2013 rollout of the MnSure insurance sales system. Nearly everyone agreed that was a disaster.
In 2016, the department lost $271 million when a computer system incorrectly handled health program enrollments, Benson said. Two years later, the state wrote off $30 million of insurance premiums because of a software problem.