Two Illinois health agencies were victims of a data breach that leaked personal and sensitive data of Illinoisans enrolled in certain state-funded medical programs.
The Illinois Department of Healthcare & Family Services and the Illinois Department of Human Services said today that the state's Application for Benefits Eligibility's "Manage My Case" portal was breached when "suspicious accounts" were made and linked to real, existing user accounts.
The portal serves as the eligibility system for state medical benefits, such as Medicaid, the Supplemental Nutrition Assistance Program (SNAP) and Temporary Assistance for Needy Families (TANF). It details residents' case history, benefit details and other personal details.
HFS and IDHS said they discovered suspicious user accounts within the system on March 13. They were able to link to existing accounts by providing customers' birth dates and Social Security numbers and correctly answering identity-proving questions.
The state departments believe customer information had been stolen elsewhere and then was used to access benefit eligibility accounts in Illinois. Once inside, client information including their name, address, phone number, date of birth, recipient identification number, individual ID, case ID, Social Security number, benefits applied for and received and income information could be accessed. Additionally, information of other people linked to the account holder could also have been viewed.
It is unclear exactly how many people were affected. HFS and IDHS did not respond to a request for comment. But they said in a statement that today they notified affected individuals, the Illinois General Assembly and the attorney general.
The departments have also deployed new software to stop more phony accounts from being created and blocked existing suspicious accounts from linking to real accounts.
This story first appeared in Crain's Chicago Business.