The Illinois health department recently confirmed that data for more than 700,000 of the state's residents was exposed over a nearly four-year period due to a security lapse.
On January 2, the Illinois Department of Human Services (IDHS) released a statement saying that an internal mapping website containing personal information had been publicly viewable since at least April 2021. The lapse was not discovered until September 2025.
The mapping website is used by IDHS to allocate resources, including where to open offices, and is meant for internal use only. Officials said the information contained on the site was publicly viewable due to "incorrect privacy settings."
Exposed data includes the personal information for 672,616 people who receive payments from the Medicaid and Medicare Savings Program. Sensitive information included addresses, demographic data and case numbers, though officials claimed individual names were not exposed.
"IDHS discovered that maps created by the IDHS Division of Family and Community Services’ Bureau of Planning and Evaluation on a mapping website were publicly viewable due to incorrect privacy settings."
Illinois Department of Human Services
Another 32,401 individuals had names, addresses, case status and other information available from the department's Division of Rehabilitation Services.
The statement says the department has been unable to determine whether anyone actually viewed the exposed maps over the last 4 years. However, the IDHS said it immediately changed the privacy settings to restrict access to authorized employees only.
"IDHS has developed and implemented a Secure Map Policy that prohibits the uploading of any customer-level data to public mapping websites. Under this policy, no identifiable customer information may be uploaded, entered, or stored on public mapping platforms," the statement reads.
What to do if your information is leaked
If you are a resident of Illinois and have utilized either of the affected services, you should receive an individual notice from the IDHS. The notice will include a toll-free number for more information. It will also have contact information for the Federal Trade Commission and credit reporting agencies for fraud alerts and security freezes.
It does not appear that the department will provide access to any of the best identity theft service beyond information. Still, I would recommend signing up for identity theft protection to help protect you from hackers.
You'll want to be careful when checking your inbox, as hackers use this kind of information in targeted phishing attacks. While names weren't exposed in the Medicaid system, the data that was revealed could be used to get even more of your sensitive information.
Even outside of security lapses, the last year has seen a slew of medical data breaches. It's not too surprising since companies and government agencies store all sorts of sensitive data that hackers want.
There's not much you can do when a company or government department exposes your data like this. However, practice good cyber hygiene and sign up for any services that can protect your data, and you should be safer.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
