Elizabeth M. Whitehorn Director at Illinois Department of Healthcare and Family Services | Official website
Elizabeth M. Whitehorn Director at Illinois Department of Healthcare and Family Services | Official website
The Illinois Department of Healthcare and Family Services (HFS) has reported a data breach incident in compliance with the Illinois Personal Information Protection Act. The breach involved a phishing campaign targeting HFS employees, which was discovered on February 11, 2025. The attacker used a compromised government email account to send deceptive emails to HFS staff, resulting in one employee's emails and documents being accessed without authorization.
In response to the breach, HFS collaborated with the Illinois Department of Innovation and Technology (DoIT) to neutralize the threat by blocking the malicious link and resetting passwords that might have been compromised. Employees were also informed about the threat and reminded of security protocols regarding their state credentials.
The data compromised varied among individuals but could include personal details such as names, social security numbers, driver's license or state ID numbers, financial information related to child support, Medicaid identification numbers, case numbers, and birth dates. A total of 933 individuals were affected by this incident, including 564 residents of Illinois. Notifications to those impacted were completed by May 23, 2025.
Individuals potentially affected by this breach can contact HFS via email at HFS.Privacy.Officer@Illinois.gov for further inquiries. They are also advised to reach out to consumer reporting agencies like Equifax, Experian, or TransUnion for placing fraud alerts or security freezes on their accounts. Additionally, they may contact the Federal Trade Commission for more resources on identity theft protection.
Alerts Sign-up