Cyber Threat Actor: Five Hennepin HealthCare employees
| Actor Type | Location | Known Incidents |
Insider - Disgruntled
|
United States of America
|
1 incident |
|---|
Profile
Thethreat actor consists of five former employees of Hennepin HealthCare who were identified by the alias “Five Hennepin HealthCare employees.” All individuals were based in the United States of America, specifically working at the Hennepin HealthCare facility in Minneapolis, Minnesota. Their unauthorized activity came to light on October 13 2020 when an internal investigation revealed that they had accessed the medical records of George Floyd without a legitimate work‑related reason. The accesses were documented through a public information request that showed multiple instances of improper viewing of Floyd’s protected health information. As a result of the breach, the employees were terminated and the incident was reported to the family’s attorney, confirming a violation of patient privacy regulations. The case highlighted a failure of internal controls that allowed staff with legitimate system credentials to misuse those privileges for non‑job‑related purposes.
The actor’s targeting was confined to the healthcare sector, as the individuals exploited their authorized access within a hospital’s electronic health record system. No external malware, phishing, or sophisticated tooling was involved; the threat relied solely on the abuse of existing privileged accounts to view sensitive data. The observed behavior aligns with an insider threat pattern where the primary objective was the unauthorized acquisition of personal health information rather than financial gain, espionage, or disruption. Attribution remains limited to the individuals themselves, with no publicly established links to state actors, criminal consortia, or broader hacking groups. Consequently, the only publicly reported operation associated with this actor is the singular incident involving George Floyd’s records, which serves as a representative example of insider‑driven privacy breaches in U.S. healthcare institutions.
