Illinois DHS Exposed Private Health Data for Years

Many people are rightfully concerned about their personal data getting into the wrong hands, causing issues with creditors or in this case healthcare. The Illinois Department of Human Services has revealed that there was a mistake made and the Medicare and Medicaid participant information has been leaked.

Individual data was unprotected for years

The Department says that over half a million Medicare and Medicaid savings recipients had their info personal info placed on a website that could be accessed by anyone in the public for over three years.

Who knows who accessed your private information?

Oops. To compound the issue, when a data breach is discovered, those affected are supposed to be notified within 60 days. The Illinois Department of Human Services didn’t advise the potentially affected for over 100 days.

Get our free mobile app

Over 30,000 Rehab Services customers were also included in the data breach. The Rehab Services data sat vulnerable from April 2021 to September 2025. The Medicare and Medicaid savings data was vulnerable from January of 2022 to September of 2025.

Illinois Department of Human Services - Springfield, Illinois.

The vulnerable Rehab Services data included names, addresses, case numbers, referral details and more. The Medicare and Medicaid data that was exposed included addresses, but no individual names. But did include case numbers and specific assistance programs.

The issue is probably not over as the State hasn't been fully transparent

The Illinois Department says the problem arose from incorrect privacy settings. Once discovered, the settings on the data were corrected. The IDPH has not offered a reason for why it took so long to discover the initial issue, and why they didn't notify the potentially affected within the HIPAA 60 day timeline.