EXCLUSIVE — Sen. Bill Cassidy (R-LA), chairman of the Senate health committee, has launched an inquiry into the administration of Gov. Tim Walz (D-MN) over its handling of a recent data breach involving the private information of more than 300,000 state residents.
The investigation, first reported by the Washington Examiner, comes on the heels of Cassidy conducting a similar inquiry into the handling of a health data breach in Illinois by Gov. JB Pritzker’s (D-IL) administration.
Cassidy is seeking records from the Minnesota Department of Human Services after an unauthorized employee of a healthcare provider accessed data in a state system relied upon by a large number of low-income individuals known as MnCHOICES, according to a letter sent Monday by the senator to the Walz administration and obtained by the Washington Examiner.
That data included detailed demographic information, the last four digits of Social Security numbers, Medicaid IDs, and other sensitive financial and medical records.
The congressional scrutiny is the latest in a blitz of investigations launched or expanded in recent weeks by Cassidy, who is fighting for reelection against a Trump-backed primary challenger, targeting Democratic administrations.
Those have centered on child care fraud in New York, Michigan, and Oregon; New York Mayor Zohran Mamdani’s use of federal funds for healthcare; medical groups’ support for gender transition surgeries for children; and abortion drug manufacturers. Cassidy has argued that higher fraud rates in some blue states compared to GOP-led states warrant additional scrutiny.
Cassidy wrote to Minnesota Department of Human Services Commissioner Shireen Gandhi that the breach in her state, which is already under the spotlight for widespread fraud in government social service programs, “raises questions about its commitment to data security.”
“Given Minnesota DHS’ role in helping vulnerable communities, its failure to identify the full scope of the incident and offer basic remedial support in light of a cybersecurity incident is unacceptable,” Cassidy wrote.
The department did not respond to a request for comment.
In a Jan. 16 letter to affected individuals, the department said there was “no evidence the information accessed in the system has been misused.” The notification came about four months after the breach occurred from August 2025 to September 2025, and one month after the department was made aware of the breach on Nov. 19, 2025.
The department recommended checking for any fraudulent health insurance claims and requesting a free credit report from consumer credit reporting companies, but it “does not have evidence that your medical insurance number was used by an unauthorized person.”
SENATE GOP INVESTIGATING PRITZKER ADMINISTRATION OVER ILLINOIS HEALTH RECORDS BREACH
Cassidy is seeking a response by April 14 to questions about how and when the breach was discovered, steps taken since to prevent future incidents, and why the department is not offering free credit monitoring.
“As hostile actors use more sophisticated methods to obtain health information, government stewards of protected health information (PHI) must all take robust steps to deter these attacks,” Cassidy wrote.