Share this article and save a life!
700,000 Medicaid patients just learned their data was public for 3 years.
Illinois Department of Human Services accidentally published internal planning maps with patient data to a public website. The breach ran from 2021 to 2025 before anyone noticed.
Think about that: 3+ years of exposed addresses, case numbers, medical assistance plans, and demographic data. All because someone clicked the wrong privacy setting.
📊 The damage:
• 672,616 Medicaid/Medicare recipients exposed
• 32,401 rehabilitation services patients compromised
• Data included addresses, case details, referral sources
• Breach discovered September 2025, announced January 2026 (102 days later)
Here’s what keeps me up at night:
This wasn’t sophisticated hackers. This wasn’t ransomware. This was human error with privacy settings on a mapping tool.
How many other state health systems are unknowingly exposing data right now? How many misconfigured databases, forgotten test servers, or public cloud storage buckets contain PHI?
The scariest part: IDHS can’t tell who accessed this data during those 3 years. They say there’s no evidence of misuse, but how would they know?
This breach reveals three uncomfortable truths about healthcare cybersecurity:
1. We’re terrible at detecting long-term exposures
2. Government health systems often lack basic security hygiene
3. The 60-day breach notification rule isn’t being enforced (they took 102 days)
Every FQHC, hospital, and health system should ask themselves: When did we last audit our public-facing systems? Who’s checking that our “internal” tools are actually internal?
Because if a state health department can accidentally publish 700,000 records for 3 years without noticing, what are the odds smaller organizations are doing better?
The real tragedy here isn’t just the breach. It’s that these were Medicaid patients, our most vulnerable populations, who trusted the state with their data.
We owe them better than “oops, wrong setting.”
♻️ Repost if healthcare needs mandatory security audits for public systems.
👉 Follow me, Jonathan Govette, for daily, real-time updates on healthcare technology and business news. LinkedIn Profile: https://www.linkedin.com/in/jonathangovette/
Share this article and save a life!
Author:
Jonathan Govette is a seasoned healthcare and technology executive with more than two decades of experience building, scaling, and advising digital health companies. He is the Co-Founder and CEO of Oatmeal Health, an AI-driven Lung Cancer Screening and Diagnostics company focused on expanding access to early detection for underrepresented populations, particularly patients served by Federally Qualified Health Centers and value-based health plans.
With a background in engineering, product development, and strategic partnerships, Jonathan has founded and led multiple health technology ventures across clinical care delivery, regulated medical software, and AI-enabled diagnostics. His work sits at the intersection of medicine, technology, and health equity, with a consistent focus on translating complex clinical problems into scalable, real-world solutions.
Jonathan has spent much of his professional life dedicated to improving outcomes for marginalized and underserved communities. He has designed and implemented frameworks that align clinical quality, reimbursement, and technology to sustainably advance health equity at scale. This mission is deeply personal and informs his leadership philosophy and long-term vision for healthcare transformation.
In addition to his operating experience, Jonathan is an author and long-time writer in the healthcare domain, with over 20 years of published work covering digital health, medical innovation, and healthcare systems. He is a frequent mentor to early-stage founders and regularly advises startups on product strategy, partnerships, and go-to-market execution in regulated healthcare environments.
Before entering industry full-time, Jonathan nearly pursued a career in medicine with an early path toward cardiothoracic surgery, an experience that continues to shape his clinical perspective and respect for frontline care delivery.
CEO | Oatmeal Health | AI Lung Cancer Startup | Engineer | Writer | Almost Became a Doctor (Cardiac Thoracic Surgeon) | 3x Health Tech Founder | Startup Mentor | Follow to share what I’ve learned along the way.
