The Illinois Division of Human Providers (IDHS), certainly one of Illinois’ largest state companies, unintentionally uncovered the private and well being information of almost 700,000 residents because of incorrect privateness settings.
The company found the information breach on September 22 when it discovered that maps created by the IDHS Division of Household and Group Providers for useful resource allocation choices had been publicly viewable on a mapping web site because of misconfigured privateness controls.
These maps, supposed for inside use to information choices equivalent to workplace placement, remained accessible on-line for years earlier than the difficulty was found final yr.
The ensuing information breach affected two teams of Illinois residents. Roughly 672,616 Medicaid and Medicare Financial savings Program recipients had their addresses, case numbers, demographic particulars, and medical help plan names uncovered on-line from January 2022 via September 2025, however their names weren’t included.
One other, smaller group of 32,401 Division of Rehabilitation Providers prospects had data, together with names, addresses, case numbers, case standing, and referral sources, uncovered from April 2021 via September 2025.
“On September 22, 2025, IDHS found that maps created by the IDHS Division of Household and Group Providers’ Bureau of Planning and Analysis on a mapping web site had been publicly viewable because of incorrect privateness settings,” the IDHS stated.
“The mapping web site was unable to determine who seen the maps. Up to now, IDHS is unaware of any precise or tried misuse of private data because of this incident.”
After discovering the incident, the IDHS restricted entry to the maps to licensed staff, finishing the lockdown on September 26. The company has additionally performed a evaluation of all uncovered maps and now blocks makes an attempt to add identifiable buyer data to public mapping platforms.
The company is notifying affected people as required by federal well being privateness legislation and has reported the incident to related regulatory authorities.
In December 2024, the IDHS disclosed one other information breach after attackers breached a number of worker accounts following a phishing assault and accessed the private data of 1,166,094 individuals.
It is finances season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the yr forward. This report compiles their insights, permitting readers to benchmark methods, determine rising tendencies, and evaluate their priorities as they head into 2026.
Learn the way prime leaders are turning funding into measurable affect.
