On January 25, 2023, Lutheran Social Services of Illinois (“LSSI”) filed notice of a data breach with the Attorney General of Maine following a ransomware attack that compromised confidential patient information stored on the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, dates of birth, Social Security numbers, financial account information, driver's license numbers, biometric information, medical diagnosis and treatment information, and health insurance information. After confirming that consumer data was leaked, LSSI began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you currently receive services from Lutheran Social Services of Illinois or did in the past, any information you provided to the company may now be in the hands of the criminals who orchestrated the ransomware attack. As we’ve discussed in prior posts, this greatly increases the chances that you will end up experiencing identity theft or other frauds. However, as a data breach victim, you have rights, including the right to pursue a legal claim against any company that negligently leaks your information. While it’s too early to tell if Lutheran Social Services of Illinois was negligent in the maintenance of patient data, data breach lawyers are in the midst of reviewing the situation to properly advise victims of all of their options.

What We Know So Far About the Lutheran Social Services of Illinois Breach

The available information regarding the Lutheran Social Services of Illinois breach comes from the company’s filing with the Maine Attorney General. According to this source, LSSI first learned of the ransomware attack on January 27, 2022. In response, the LSSI disabled the affected networks and began working with an external cybersecurity firm to assist with its investigation.

As a result of the LSSI investigation, the company confirmed that certain files contained on its network were accessible to the hackers who carried out the ransomware attack between December 31, 2021 and January 27, 2022. LSSI was also able to determine that some of these files contained confidential patient information.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Lutheran Social Services of Illinois began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, financial account information, driver's license number, biometric information, medical diagnosis and treatment information, and health insurance information.

On January 25, 2023, Lutheran Social Services of Illinois sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Lutheran Social Services of Illinois

Founded in 1867, Lutheran Social Services of Illinois is a non-profit organization that provides a variety of services to the local community. Some of the services provided by LSSI include providing affordable housing, home-based care for seniors, programs for intellectually and developmentally disabled individuals, mental health and addiction services, and prisoner ministry services. Lutheran Social Services of Illinois employs more than 741 people and generates approximately $69 million in annual revenue.