Cyber Incident Victim: Illinois Department of Healthcare and Family Services

On May 12, 2023, the Illinois Department of Healthcare and Family Services (HFS) and the Illinois Department of Human Services (IDHS) disclosed a data breach impacting the State of Illinois Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal. The breach involved unauthorized accounts created within the ABE system that accessed and linked to legitimate customer MMC accounts by exploiting personal information stolen from an external source. Attackers leveraged this stolen data to compromise accounts tied to Medicaid, the Supplemental Nutrition Assistance Program (SNAP), and Temporary Assistance for Needy Families (TANF) – the primary benefit programs administered through the ABE portal. Exposed information included names, Social Security numbers, recipient identification numbers, addresses, phone numbers, and income details. The breach potentially affected all individuals who had applied for or were actively receiving benefits through the ABE system, though the exact number of compromised accounts was not disclosed.

HFS and IDHS implemented containment measures to halt further unauthorized access and notified affected individuals, the Illinois General Assembly, and the Office of the Illinois Attorney General. They established a dedicated assistance line (1-877-657-0006) operational until August 14, 2023, to address inquiries. Impacted parties were advised to contact consumer reporting agencies to place fraud alerts or security freezes on their accounts and directed to the Federal Trade Commission’s identity theft resources. The incident underscored vulnerabilities in systems managing sensitive benefit program data, though no specifics regarding breach duration, intrusion methods, or attacker attribution were released. Consequences included heightened identity theft risks for beneficiaries reliant on state-funded medical, nutritional, and financial assistance programs.