The Illinois Division of Human Providers (IDHS), considered one of Illinois’ largest state companies, by accident uncovered the private and well being information of almost 700,000 residents on account of incorrect privateness settings.
The company found the info breach on September 22 when it discovered that maps created by the IDHS Division of Household and Neighborhood Providers for useful resource allocation choices had been publicly viewable on a mapping web site on account of misconfigured privateness controls.
These maps, supposed for inner use to information choices similar to workplace placement, remained accessible on-line for years earlier than the problem was found final 12 months.
The ensuing information breach affected two teams of Illinois residents. Roughly 672,616 Medicaid and Medicare Financial savings Program recipients had their addresses, case numbers, demographic particulars, and medical help plan names uncovered on-line from January 2022 by September 2025, however their names weren’t included.
One other, smaller group of 32,401 Division of Rehabilitation Providers clients had info, together with names, addresses, case numbers, case standing, and referral sources, uncovered from April 2021 by September 2025.
“On September 22, 2025, IDHS found that maps created by the IDHS Division of Household and Neighborhood Providers’ Bureau of Planning and Analysis on a mapping web site had been publicly viewable on account of incorrect privateness settings,” the IDHS stated.
“The mapping web site was unable to determine who seen the maps. Thus far, IDHS is unaware of any precise or tried misuse of non-public info on account of this incident.”
After discovering the incident, the IDHS restricted entry to the maps to approved workers, finishing the lockdown on September 26. The company has additionally carried out a evaluate of all uncovered maps and now blocks makes an attempt to add identifiable buyer info to public mapping platforms.
The company is notifying affected people as required by federal well being privateness regulation and has reported the incident to related regulatory authorities.
In December 2024, the IDHS disclosed one other information breach after attackers breached a number of worker accounts following a phishing assault and accessed the private info of 1,166,094 folks.
Whether or not you are cleansing up outdated keys or setting guardrails for AI-generated code, this information helps your workforce construct securely from the beginning.
Get the cheat sheet and take the guesswork out of secrets and techniques administration.
