Skip to main content
A doctor and woman discuss her prospects for an ovarian cancer lawsuit.

Erie Family Health Centers Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

A Chicago-based federally qualified health center is now at the center of a significant data security incident that may have exposed deeply personal information belonging to patients across the greater Chicago area. Erie Family Health Centers, which operates multiple community health clinics throughout Illinois, has notified patients that unauthorized individuals gained access to its network systems and may have viewed or acquired sensitive records.

If you received a notification letter from Erie Family Health Centers, or believe your information may have been affected, you may have legal rights and options worth exploring. Contact our data breach lawyers to investigate your claims. 

What Happened at Erie Family Health Centers

Erie Family Health Centers first became aware of the breach on January 27, 2026. Upon investigation with the assistance of outside cybersecurity specialists, the organization determined that its network had been subject to unauthorized access during a window spanning from December 10, 2025 to January 27, 2026. That is a period of approximately seven weeks during which an unknown party may have had access to patient data stored within Erie’s systems.

Erie has reported the incident to law enforcement and is in the process of mailing notification letters to individuals whose information was potentially involved.

What Information Was Potentially Exposed

The scope of potentially compromised data in this breach is extensive. According to Erie’s official notice, the type of information affected varies by individual but may have included:

  • Full name, address, phone number, and email address
  • Social Security number and driver’s license or state ID number
  • Taxpayer ID number and passport number
  • Financial account information and payment card information
  • Online account credentials, digital signatures, and biometric data
  • Date of birth and medical record or patient ID numbers
  • Medical treatment or diagnosis information and prescription records
  • Medicare or Medicaid numbers and health insurance information
  • Treatment cost information and encounter ID numbers

The breadth of this list is notable. When a breach involves both protected health information and financial data together, the potential for harm to affected individuals increases substantially. Victims may face risks including identity theft, fraudulent financial transactions, and medical identity theft, which can affect insurance coverage and billing records in ways that are difficult to detect and correct.

Erie’s Response

Erie has stated that its cloud-based electronic health record system was not affected by the intrusion, and that patient care continued without interruption throughout the incident.

Under the Health Insurance Portability and Accountability Act, or HIPAA, healthcare organizations that handle protected health information are required to implement reasonable and appropriate safeguards to prevent unauthorized access. When a breach occurs, affected individuals have the right to be notified and may have additional rights under both federal law and Illinois state law.

Illinois has its own data breach notification statute that places obligations on entities doing business in the state. When those obligations are not met, or when a breach is determined to result from inadequate security practices, affected individuals may have grounds to pursue legal action for damages. Damages in data breach litigation may include:

  • Costs associated with credit monitoring and identity theft remediation
  • Financial losses from fraudulent transactions
  • Loss of the value of personal and medical information
  • Time and expenses spent addressing the breach
  • Emotional distress caused by the ongoing risk of misuse
  • The increased and continuing threat of fraud and identity theft

How The Lyon Firm Can Help

The Lyon Firm represents individuals and classes of plaintiffs in data breach cases nationwide, including cases involving healthcare providers, community health organizations, and federally qualified health centers. Our attorneys evaluate whether an organization’s security practices met the legal standards required under HIPAA and applicable state law, and we pursue accountability on behalf of patients who have been harmed.

We handle data breach cases on a contingency fee basis, meaning there are no upfront legal costs to you. We advance all litigation expenses, allowing you to pursue justice without financial risk.

If you received a notification letter from Erie Family Health Centers or believe your information was involved in this breach, contact The Lyon Firm today for a free case review. Time limits apply to data breach claims, and early action helps preserve your legal options.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.