**SENATE GOP LAUNCHES INQUIRY INTO Pritzker Administration's Handling of Illinois Health Records Breach**

Senate Republicans, led by Sen. Bill Cassidy (R-LA), are investigating the administration of Gov. JB Pritzker (D-IL) over its handling of a recent data breach that exposed the private health information of 700,000 state residents.

Cassidy, chairman of the Senate's health committee, has launched an inquiry into the Illinois Department of Human Services (IDHS) after it was discovered that sensitive health-related information had been left on a publicly accessible website for more than three years. The breach was revealed by Illinois officials in early January, months after it was initially discovered.

The inquiry comes as Cassidy seeks detailed records from the IDHS regarding its handling of the data breach and why notification to affected individuals was delayed until January, despite discovering the security incident in September 2025. Cassidy is also seeking information on the state's current cybersecurity protocols and what steps were previously taken to improve data security following a 2024 hacking into the Illinois Department of Human Services that exposed the private information of more than 1 million people.

In his letter to IDHS Secretary Dulce Quintero and Pritzker, Cassidy wrote, "Despite IDHS' role in helping vulnerable communities, its repeated failures to implement basic security processes highlight IDHS' disregard of its responsibility to over 4.6 million Illinois residents." The senator also expressed concerns that the state may have violated federal law under the Health Insurance Portability and Accountability Act (HIPAA) by failing to notify affected individuals and the public within 60 days of discovering the breach.

Cassidy's line of questioning includes:

• Why notification to affected parties was delayed until January, despite discovering the security incident in September 2025
• Information about the state's current cybersecurity protocols
• Steps taken previously to improve data security following the 2024 breach

Cassidy's inquiry into the Pritzker administration's handling of the data breach comes as the senator is fighting for reelection against a Trump-backed primary challenger. The high-stakes clash between Cassidy and Pritzker, who has been mentioned as a possible 2028 presidential candidate, sets the stage for a contentious debate over the state's commitment to data security.

The Illinois Department of Human Services did not respond to requests for comment on the inquiry. Cassidy laid out detailed questions in his letter and requested a response by February 25. As chairman of the Senate health committee, Cassidy holds immense subpoena power to compel information and testimony, putting pressure on the Pritzker administration to provide answers.

**Background on the Data Breach:**

The data breach was revealed by Illinois officials in early January, after discovering that sensitive health-related information had been left on a publicly accessible website for more than three years. The breach exposed the private health information of 700,000 state residents and included incorrect privacy settings on a state government website. In a news release, the IDHS stated that "the mapping website was unable to identify who viewed the maps" and that "to date, IDHS is unaware of any actual or attempted misuse of personal information as a result of this incident."

**Federal Law and HIPAA:**

Cassidy expressed concerns that the state may have violated federal law under the Health Insurance Portability and Accountability Act (HIPAA) by failing to notify affected individuals and the public within 60 days of discovering the breach. Under HIPAA, healthcare providers are required to notify affected individuals and the public no later than 60 days after discovering a breach.