The Chicago-based network of health centers is notifying individuals of a data breach, the second to impact the network this year.
What happened
According to the notice published by Erie Family Health Centers (“Erie”), the network, which provides medical, dental, and behavioral health services regardless of payment ability, first learned of the incident on January 27th, 2026. On that day, Erie learned of potentially unauthorized access into their network and immediately began to investigate and respond to the incident. Erie ultimately notified the Department of Health and Human Services (HHS) on March 27th, 2026, although the breach notice was posted more recently. In the notice, Erie stated that 570,000 individuals had been impacted.
Going deeper
In the web notice, Erie stated that the investigation determined that their network had been the victim of unauthorized access between December 10th, 2025, and January 27th, 2026. Accessed information included patient names, addresses, phone numbers, email addresses, Social Security numbers, driver’s license/state ID numbers, taxpayer ID numbers, passport numbers, financial account information, and payment information. The breach also included biometric data and treatment information, like diagnosis and prescription data, alongside online account credentials and digital signature information.
In response to the incident, Erie said they will be mailing notice letters to impacted individuals, so long as they have address information. The letters will detail additional steps individuals can take.
In the know
For Erie, this is the second data breach to be announced in 2026. At the end of 2025, the network was also the victim of a massive data breach at TriZetto, a provider of revenue cycle management and claims clearinghouse services, although details of the incident took several months to be fully realized. That incident impacted approximately 3.4 million individuals. TriZetto largely handled the notification process for that breach and is currently being investigated by multiple law firms that are interested in pursuing a class action case.
The big picture
Two data breaches against a health system, especially for an organization that provides care no matter an individual's ability to pay, can be financially devastating. Hospitals operate on incredibly tight margins, a trend that has only increased in recent years. Recent averages show that hospitals only profit around 6% yearly, a number that can suddenly decrease due to labor or supply costs. Unexpected costs, like those related to suddenly increasing cybersecurity systems or resolving a data breach, can quickly lead to budget shortfalls that are difficult to rectify. These financial implications directly impact patients, especially disadvantaged communities that may be unable to afford treatment elsewhere. If Erie faces financial shortfalls, it may mean they are no longer able to provide all the services they currently do at their current scale.
FAQs
Did poor cybersecurity systems and protocols lead to these breaches?
In the TriZetto case, Erie’s systems were not responsible for the breach. In the second case, although it hasn’t been revealed how Erie was infiltrated, the incident likely could have been prevented with better systems or protocols. Erie stated they are actively working to improve their systems so an event like this is prevented in the future.
Why was so much data part of the breach?
Hospitals collect large amounts of data for different purposes. While some organizations store this data in different networks, Erie seemed to have stored it together. When the network was breached, it revealed a significant amount of protected health information (PHI).
