U.S. Senator Bill Cassidy, M.D. (R-LA), who serves as chair of the Senate Health, Education, Labor, and Pensions (HELP) Committee, has criticized Illinois Governor JB Pritzker after a series of cybersecurity incidents involving the Illinois Department of Human Services (IDHS). These breaches exposed sensitive health data belonging to hundreds of thousands of Americans and have raised concerns about delays in critical services for families.
Earlier this year, IDHS acknowledged that a cyberbreach had resulted in the exposure of private health information for 700,000 individuals over four years. In a separate incident in 2024, hostile actors accessed records—including Social Security numbers—of 1.1 million people through an attack on IDHS systems.
Despite these incidents spanning several years, Cassidy contends that both Governor Pritzker and IDHS have not taken sufficient action to improve cybersecurity measures. He notes that these failures jeopardize personal data security and could disrupt access to food assistance, healthcare, housing support, and childcare services relied upon by Illinois residents.
Cassidy wrote: “Protecting the privacy and security of sensitive health information is essential to ensure that patients receive the best care and that their information is not misused.” He added: “Despite IDHS’ role in helping vulnerable communities, its repeated failures to implement basic security processes highlight IDHS’ disregard of its responsibility to over 4.6 million Illinois residents.”
In response to ongoing concerns about healthcare data protection nationwide, Cassidy previously introduced the Health Care Cybersecurity and Resilience Act. He has also led investigations into cybersecurity lapses at organizations such as OPEXUS and UnitedHealth Group.
In his letter addressed to Secretary Quintero regarding the recent breach announced by IDHS on January 2, 2026—which made protected health information publicly accessible since April 2021 due to incorrect privacy settings—Cassidy posed several questions about how IDHS responded once it became aware of the issue on September 22, 2025. He asked what immediate steps were taken by IDHS; whether any state or federal entities were notified; details about existing security practices; results from any recent IT infrastructure audits; reasons for delayed notification beyond HIPAA requirements; efforts being made to inform affected individuals; and whether credit monitoring or other support services would be provided.
Cassidy’s inquiry also referenced previous incidents involving large-scale exposure of consumer records at IDHS in 2024 and requested information on remedial actions implemented since then.
The Senate Health, Education, Labor, and Pensions Committee oversees federal laws related to public health policy across the United States and plays a central role in shaping regulations affecting healthcare delivery (official website). Under Cassidy's leadership during the 119th Congress (official website), the committee has maintained oversight responsibilities for agencies involved with federal policy in health sectors (official website) including entities like FDA and NIH (official website).
For more updates from HELP Republicans visit their website or follow @GOPHELP on Twitter.
