Advertisement
Subscribe to our daily newsletter.
Subscribe

February phishing campaign compromised Illinois health data, department says

A February 11 cyberattack compromised the health data of nearly 1,000 people, announced the Illinois Department of Healthcare and Family Services.

By

Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
envelopes bokeh
(Getty Images)

The Illinois Department of Healthcare and Family Services on Friday announced a data breach resulting from a phishing attack earlier this year that compromised the personal information of 933 people, including 564 Illinois residents.

According to the notice, HFS discovered the phishing campaign targeting its employees on Feb. 11. The department claims the attacker used a previously compromised government email account to send deceptive emails, leading to the unauthorized access of one employee’s emails and documents.

“The bad actor sent emails to HFS employees from another government email account the bad actor had previously hacked, so that the emails looked trustworthy to HFS employees. As a result of these actions, one HFS employee’s emails and documents were compromised,” the notice reads.

The compromised information varied among individuals but may have included names, Social Security numbers, driver’s license or state ID numbers, financial details related to child support, Medicaid or child support case numbers and dates of birth.

Advertisement

Upon discovering the breach, the department said, it worked with the Illinois Department of Innovation and Technology, now led by state Chief Information Officer Brandon Ragle, to block malicious links and reset potentially affected employee passwords. The department also issued training materials to all employees on how to recognize and respond to phishing attempts.

HFS said it completed its notification to affected individuals on May 23, and advised them to monitor their credit reports and consider placing fraud alerts or security freezes on their accounts.

The incident underscores the ongoing cybersecurity challenges faced by state agencies. Last April, a separate phishing attack on the Illinois Department of Human Services exposed the personal data of more than one million people, including approximately 4,700 Social Security numbers. That same month, bad actors compromised two email accounts at the Illinois Secretary of State’s office, which may have exposed sensitive data such Social Security numbers and driver’s license information.

Sophia Fox-Sowell

Written by Sophia Fox-Sowell

Sophia Fox-Sowell reports on artificial intelligence, cybersecurity and government regulation for StateScoop. She was previously a multimedia producer for CNET, where her coverage focused on private sector innovation in food production, climate change and space through podcasts and video content. She earned her bachelor’s in anthropology at Wagner College and master’s in media innovation from Northeastern University.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

Latest Podcasts

bubbles

Fountain bubble prank presented city CIO with unique technical challenge

How Pennsylvania is hiring employees faster

Code For America’s 2025 Summit will highlight an IT sea change, says CEO

On AI policy, states can learn from each other

State

City

Cybersecurity

Modernization