|
Illinois Department of Healthcare
and Family Services and Illinois Department of Human Services report
incident involving protected health information
Customers using ABE System or the MMC
portal could be compromised
Send a link to a friend
[May 12, 2023]
 Pursuant
to the requirements of the Health Insurance Portability and
Accountability Act, 45 CFR Sections 164.400-414, and the Illinois
Personal Information Protection Act, 815 ILCS 530/12, the Illinois
Department of Healthcare and Family Services (HFS) and the Illinois
Department of Human Services (IDHS) (collectively, the Departments)
are notifying the media of an incident within the State of Illinois
Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC)
portal.
The ABE system is the eligibility system for State-funded medical
benefits programs (Medicaid), the Supplemental Nutrition Assistance
Program (SNAP), and Temporary Assistance for Needy Families (TANF).
The MMC portal within ABE enables Departments’ customers to see
their case history and benefit details, as well as change account
and benefit information. On March 13, 2023, the Departments
discovered suspicious user accounts had been created within the ABE
system. These suspicious accounts were able to link to existing
customer MMC accounts by providing the customer’s date of birth and
Individual ID or Social Security Number, and then correctly
answering several identity proofing questions. The Departments
believe customer personal information had been stolen elsewhere -
through no fault of the Departments - and this stolen personal
information was then used to access customer MMC accounts. The
information that could have been viewed within the MMC portal
includes the client’s name, address, phone number, date of birth,
recipient identification number, individual ID, Case ID, Social
Security Number, benefits applied for and received, and income
information. If the client applied for benefits through the ABE
portal, the application and any documents uploaded to support the
application could be viewed. Information of individuals included on
the application for benefits or receiving benefits with the
household could also have been viewed.
In response to this incident, the Departments deployed a new
software to stop the creation of more suspicious user accounts and
de-linked the suspicious accounts from the customer accounts.
[to top of second column] |
The Departments notified the
potentially affected individuals, the members of the Illinois
General Assembly and the Office of the Illinois Attorney General
on May 12, 2023.
The Departments are providing a dedicated phone line to provide
assistance and answer customer questions about this incident.
Individuals with a question about this incident can call
1-877-657-0006. The assistance line is available until August
14, 2023. Potentially affected individuals can also contact
consumer reporting agencies to place a free fraud alert or
security freeze on their accounts, or the Federal Trade
Commission to learn more about fraud alerts, credit freezes, or
other identity theft resources.
Contact information for consumer reporting agencies:
Equifax
www.equifax.com/personal/
P.O. Box 105788, Atlanta, GA 30349
1-800-525-6285 (fraud alert)
1-888-298-0045 (credit freeze)
Experian
www.experian.com
P.O. Box 9554, Allen, TX 75013
1-888-397-3742 (fraud alert)
1-888-397-3742 (credit freeze)
TransUnion
www.transunion.com
P.O. Box 2000, Chester, PA 19016
1-800-680-7289 (fraud alert)
1-888-909-8872 (credit freeze)
Contact information for the Federal Trade Commission:
www.ftc.gov
Identity Theft Recovery Steps | IdentityTheft.gov
Federal Trade Commission, 600 Pennsylvania Ave, NW, Washington, D.C.
20580, 1-877-382-4357 (Consumer Help Line)
[Illinois Office of Communication and
Information]
 |
