Illinois' Egyptian Health Department says December cyber attack impacted 120k individuals

Southern Illinois-based Egyptian Health Department said that a data security incident it suffered last year compromised the sensitive personal data of more than 120,000 individuals.

 

Egyptian Health Department is a public health department in southern Illinois that serves four counties- Saline, Gallatin, White, and Wayne. The health department was founded in 1952 and has offices in Eldorado, Harrisburg (Saline County), Carmi (White County), and Shawneetown (Gallatin County).

 

In a data breach notice filed with the Office of the Maine Attorney General, the health department said that on December 21, 2023, it detected unusual activity in its network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to contain the incident, including disconnecting all access to the affected network, and notified law enforcement about the incident.

 

The department’s investigation revealed that the sensitive personal information of individuals associated with the department was accessed by an unauthorised third party during the incident. The compromised data included names, addresses, dates of birth, Social Security Numbers, medical information, and health information.

 

In an initial filing with the U.S. Department of Health and Human Services Office for Civil Rights, EHD said it identified 100,000 individuals impacted by the data security incident. However, in its recent filing with the Maine State Attorney General, the department said that at least 121,995 individuals were impacted as a result of the data breach.

 

“Since the discovery of the incident, EHD moved quickly to investigate, respond, and confirm the security of our systems,” reads the notice. It also took steps to secure the affected network and avoid similar incidents in the future.

 

While EHD found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through Cyberscout to all affected individuals. “EHD sincerely apologizes for any inconvenience and is making every concerted effort to protect our employees and clients/patients,” it said.