Illinois Agency Reports Health Care Data Breach Impacting 600,000 Patients
The Illinois Department of Human Services (IDHS) has reported a significant data breach affecting approximately 600,000 patients. Over several years, sensitive information was made publicly viewable due to incorrect privacy settings.
Details of the Health Care Data Breach
Between April 2021 and September 2025, personal data of over 32,000 customers within IDHS’s Division of Rehabilitation Services was exposed. This information included:
- Names
- Addresses
- Case numbers
- Case status
- Referral source information
- Region and office details
- Status as Division of Rehabilitation Services recipients
Moreover, nearly 670,000 recipients of Medicaid and the Medicare Savings Program were affected. Their public information included addresses, case numbers, and demographic details between January 2022 and September 2025.
Response by the Illinois Department of Human Services
IDHS became aware of the breach on September 22, 2025. They promptly adjusted the privacy settings on the mapping website to restrict access to authorized personnel only. The agency emphasized that there was no current evidence of any misuse of the exposed information.
As a preventive measure, IDHS has introduced a secure mapping policy aimed at preventing future occurrences by prohibiting the upload of customer data to public mapping platforms.
Notifications to Affected Individuals
Individuals whose data was compromised will receive official notifications from IDHS. These letters will provide detailed information about the breach and include a contact number for further inquiries.
The IDHS remains committed to safeguarding patient information and is taking all necessary steps to ensure such incidents do not happen again.
