Dayton Administration Data Breach Exposes Minnesota’s Most Vulnerable to Identity Theft

The Center partnered with personal care attendants (PCAs) back in 2016 to push back against a scheme that funnels an estimated $150 million in Medicaid dollars to unions like the SEIU in eleven states, including Minnesota. We helped them form MNPCA.org to decertify the union (I will write about that effort soon).

As you may recall, the SEIU, with the help of Gov. Dayton and the DFL-majority legislature in 2013, was certified to “represent” the people who care for mostly disabled family members under a Medicaid program designed to help the disabled live independent lives outside of government institutions.

The SEIU now “negotiates” over a Medicaid benefit that is set by Congress and state legislatures (so the union does not have much to do except insinuate itself into the PCA program and claim bogus new benefits that make it harder for the disabled to get enough PCA hours).

The state collects outrageously high dues from low-income and vulnerable people (set at 3% of gross wages) from the Medicaid benefit used to pay PCAs, and then gives it to the SEIU.

The SEIU then uses the dues to fund politicians like mark Dayton and Tina Smith and extreme causes like government-run health care, calling it “Medicaid-For-All.”

You have to give the far left credit for its creative exploitation of America’s generosity and desire to help the poor and disabled, and its efficient manipulation  of lawmakers to access public funds.

Ask yourself: why don’t Republicans do a better job of blocking and tackling corrupt schemes that (mostly) fund their opponents and drain precious dollars from welfare programs? Are they too afraid of union money being spent against them? And where are the objections from mainstream Democrats who know that Medicaid is being used for political purposes?

Now this vulnerable population has been exposed to a data breach at the state agency that is supposed to guard their privacy and well-being.

According to a letter mailed to Medicaid recipients on October 9th, the Department of Human Services (DHS) was hacked twice last summer. Sensitive, private information may have been compromised including name, birth date, Social Security number, home address, telephone number, medical information, educational records, employment records, and/or financial information.

A representative from DHS told the Star Tribune, “…that, generally, attackers will look to monetize data or use e-mail addresses to send out more phishing attacks. Hackers could also try to reroute paychecks or target government systems to be disruptive.”

What if they try to reroute Medicare benefits? Steal their identity? If you are disabled or caring for someone who is disabled, dealing with this threat is especially burdensome. And government is not good at stopping this fraud.

DHS also told the Star Tribune that, “Gov. Mark Dayton recommended funding better technology to protect against phishing attacks, but the Legislature didn’t fund it.”

That is not true.

If you will recall. Gov. Dayton vetoed just about every bill that came before him last session. Here is Rep. Jim Nash (R-Waconia), who has been the lead in the House dealing with the IT issues and sheer incompetence of the Dayton administration. “It is disappointing and very concerning that the Dayton Administration vetoed bills with funding for cybersecurity and declined to work with GOP legislators who have made several offers to invest in cybersecurity for the last several years.”

Data breaches will occur, especially of government data because that is the weakest link and least competent player, increased IT funding or not. (You can give the state hundreds of millions in funding but that will not make it a competent guard of data.) But why did DHS wait 4  long months to notify these victims?

This population, and their caregivers, are perhaps the least able to react quickly to protect themselves.

Both the Office of Legislative Auditor and DHS are preparing reports on the data breach. But what good will those reports do for the 21,000 vulnerable Minnesotans subject to this hack?

You can read the letter sent out by DHS here.