Erie Family Health Centres data breach impacted over 570,000 individuals

Illinois-based healthcare provider Erie Family Health Centers said a data security incident it suffered last year compromised the sensitive personal information of more than 570,000 individuals.

Erie Family Health Centers is a network of 13 Federally Qualified Health Centers (FQHCs) serving Chicagoland and Lake County, Illinois. It provides comprehensive healthcare services including primary care, pediatrics, prenatal, dental, behavioural health, chronic disease management, and substance use treatment.

 

In a data security incident notice posted on its website, Erie said that on January 27, it identified unauthorised access to its internal network. The healthcare provider immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigation determined that our network was subject to unauthorised access between December 10, 2025 and January 27, 2026,” reads the notice.

 

The compromised data included individuals’ names, addresses, phone numbers, email addresses, Social Security numbers, driver’s license or state ID numbers, taxpayer ID numbers, passport numbers, financial account information, payment card information, online account credentials, digital signature, biometric data, dates of birth, medical treatment or diagnosis information, Medicare/Medicaid numbers and more.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, Erie said that it has identified at least 570,000 individuals affected by the incident.

 

“Upon learning of this incident, we immediately began an investigation and reported the incident to law enforcement. We also strengthened our network security to help prevent similar incidents from occurring in the future and undertook a thorough review of the information to identify potentially affected individuals,” the healthcare provider added.

 

Erie has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on Erie. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.