‘Unauthorized access’ of health data revealed by Hennepin County

Participants enrolled in several Hennepin County-based fitness and healthy eating-based challenges might have had some of their registration information accessed by an unauthorized source.

What we know

According to a press release, on Aug. 27, 2024, Hennepin County officials say they were informed of ‘unauthorized access’ to registration data of participants in the "Find Your 5" and "Step to It" public health programs.

Officials say that roughly 4,400 people registered for the 2024 programs potentially had various database info accessed, including a person’s first and last name, email address, phone number, mailing address, age range, race and/or gender.

"Once we became aware of the situation, Hennepin County took immediate action to isolate the database and take it offline, so data was no longer accessible," said Kristi Lahti-Johnson, Hennepin County Data Practices Compliance Official.

Officials with Hennepin County say no sensitive data – such as financial information – was accessed, and that its database is now secured again.

An investigation report on the incident has since been completed and can be found here.

Created in 2009, the "Step to it" challenge encourages communities within Hennepin County to "get moving after a long winter" – tracking their steps, and tallying them as part of a competition to see which community is most active.

Find Your 5 was a four-week virtual challenge throughout August that encouraged participants to track, and eat, more fruits and vegetables, and adhere to eating more rigorously from all five food groups.

What we don’t know

Officials with Hennepin County are still unclear exactly who caused the data breach, and with what intent.

"We do not have any indication that an actual person viewed the data or that any of the data was copied or downloaded," said Lahti-Johnson in a statement.

Hennepin CountyCrime and Public SafetyHealthData BreachesMinnesota