During this cyberattack, the hacker used the state email account of an employee in our Direct Care and Treatment administration to send legitimate-looking emails to one of the employee’s co-workers. This email asked the co-worker pay an “invoice” via a wire transfer.

http://stmedia.startribune.com/documents/2019-04-09_DHS_Data_Breach_Letter_to_Legislators.pdf