|
Illinois Department of Healthcare
and Family Services and the Illinois Department of Human Services
details incident involving protected health information
Send a link to a friend
 [October 22, 2022]
Pursuant to the requirements of the Health Insurance
Portability and Accountability Act, 45 CFR Sections 164.400-414, and
the Illinois Personal Information Protection Act, 815 ILCS 530/12,
the Illinois Department of Healthcare and Family Services (HFS) and
the Illinois Department of Human Services (IDHS) (collectively, the
Departments) are notifying the media of an incident within the State
of Illinois Application for Benefits Eligibility (ABE) system’s
Provider Portal.
The ABE system is the eligibility system for State-funded medical
benefits programs (Medicaid), the Supplemental Nutrition Assistance
Program (SNAP), and Temporary Assistance for Needy Families (TANF).
The Provider Portal within ABE enables Medicaid providers to submit
benefit applications for individuals online, with their consent. On
August 22, 2022, the State discovered an issue embedded within ABE’s
Provider Portal. Upon investigation, the Departments discovered that
individuals who applied to become Provider Portal users potentially
could see certain customer applications, before they were approved
users, if they clicked on certain buttons in a specific order that
was different from the displayed instructions while logged into
their account. This means that benefit applications that were
submitted through the Provider Portal prior to August 23, 2022,
potentially could have been accessed by users who went to the
Provider Portal and went through the provider application process.
The information that potentially could have been accessed included
applicant name, gender, date of birth, county, application type, and
application status. In some instances, additional information about
the applicant, as well as other individuals included in the
application for benefits, could have been viewed and could include
any of the following: Social Security number, address, benefits
applied for, income information, and medical information. To date,
we do not know of any actual or attempted misuse of anyone’s
personal information as a result of this incident and information
indicates the risk of access or misuse is low. The Departments do
not have a basis to think many people were adversely impacted.
[to top of second column] |
In response to this incident, as
soon as the issue was discovered, the Departments shut down the
ABE system Provider Portal on August 23, 2022, to fix the issue.
The system was reopened on September 29, 2022.
The Departments notified the potentially affected individuals,
the members of the Illinois General Assembly and the Office of
the Illinois Attorney General on October 21, 2022.
The Departments are providing one year of credit monitoring and
a dedicated phone line to provide assistance and further
information about this incident. Individuals with a question
about this incident can call 1-844-700-0330. The assistance line
is available until January 23, 2023. Potentially affected
individuals can also contact consumer reporting agencies to
place a free fraud alert or security freeze on their accounts,
or the Federal Trade Commission to learn more about fraud
alerts, credit freezes, or other identity theft resources.
Contact information for consumer reporting agencies:
Equifax
www.equifax.com/personal/
P.O. Box 105788, Atlanta, GA 30349
1-800-525-6285 (fraud alert)
1-888-298-0045 (credit freeze)
Experian
www.experian.com
P.O. Box 9554, Allen, TX 75013
1-888-397-3742 (fraud alert)
1-888-397-3742 (credit freeze)
TransUnion
www.transunion.com
P.O. Box 2000, Chester, PA 19016
1-800-680-7289 (fraud alert)
1-888-909-8872 (credit freeze)
Contact information for the Federal Trade Commission:
www.ftc.gov
Identity Theft Recovery Steps | IdentityTheft.gov
Federal Trade Commission, 600 Pennsylvania Ave, NW, Washington,
D.C. 20580, 1-877-382-4357 (Consumer Help Line)
[Illinois Office of
Communication and Information] |
