IHFS, IDHS Report Data Breach in ABE System Provider Portal

By Benjamin Cox on October 24, 2022 at 3:26pm

The Illinois Department of Healthcare and Family Services and the Illinois Department of Human Services have notified the public of an incident within the State of Illinois’ Application for Benefits Eligibility (ABE) system’s Provider Portal.

The ABE system is the eligibility system for State-funded medical benefits programs (Medicaid), the Supplemental Nutrition Assistance Program (SNAP), and Temporary Assistance for Needy Families (TANF). The Provider Portal within ABE enables Medicaid providers to submit benefit applications for individuals online, with their consent. On August 22nd, the state says they discovered an issue embedded within ABE’s Provider Portal. Upon investigation, the Departments discovered that individuals who applied to become Provider Portal users potentially could see certain customer applications, before they were approved users, if they clicked on certain buttons in a specific order that was different from the displayed instructions while logged into their account. This means that benefit applications that were submitted through the Provider Portal prior to August 23rd could have been accessed by users who went to the Provider Portal and went through the provider application process.

To date, the State of Illinois says they do not know of any actual or attempted misuse of anyone’s personal information as a result of this incident, and they say information indicates the risk of access or misuse is low. The Departments do not have a basis to think many people were adversely impacted. In response, the state shut down the ABE systems for repair and reopened it on September 29th.

The Departments notified the potentially affected individuals, the members of the Illinois General Assembly and the Office of the Illinois Attorney General on Friday of the incident.

The Departments are providing one year of credit monitoring and a dedicated phone line to provide assistance and further information about this incident. Individuals with a question about this incident can call 1-844-700-0330. The assistance line is available until January 23rd. Potentially affected individuals can also contact consumer reporting agencies to place a free fraud alert or security freeze on their accounts, or the Federal Trade Commission to learn more about fraud alerts, credit freezes, or other identity theft resources.