A court hearing is scheduled Dec. 4 to finalize a $7.6 million settlement that would pay people whose personal information was seized by hackers in a targeted cyber attack that temporarily crippled Hospital Sisters Health System in 2023.
The nonprofit health system, based in rural Sangamon County near Riverton, discovered the suspicious cyber activity “by an unauthorized third-party threat actor” on its computer network in mid- to late August 2023, according to Sangamon County Circuit Court documents.
The breach caused the personal information of almost 869,000 former and current patients to be disclosed and resulted in several lawsuits to be filed against HSHS, which posts about $2.8 billion in annual revenues and operates HSHS St. John’s Hospital in Springfield as its flagship.
The cases were consolidated in a class action lawsuit in January 2025, and a tentative settlement was reached this summer. The Dec. 4 hearing will be conducted by Circuit Judge Adam Giganti.
The breach temporarily disabled HSHS’ clinical, administrative and communication systems. Officials from HSHS, which has nine hospitals in Illinois and four hospitals in Wisconsin – including HSHS St. Francis in Litchfield and HSHS St. Mary’s in Decatur – haven’t said who was responsible for the attack or whether a ransom to resolve it was demanded or paid.
People affected by the attack were notified by mail this year and had until Nov. 14 to submit a claim. Each person had the option to request up to $5,000 in damages for documented out-of-pocket losses associated with the incident or to request an unspecified “alternative cash payment.”
A document from the settlement administrator said: “It is expected that a significant amount of money will remain in the settlement fund after all expenses and all other benefits have been paid. All of this remaining money will be divided equally between everyone who claims an alternative cash payment.”
Lawyers representing affected patients are in line to receive $2.6 million, in addition to other costs and expenses, from the settlement.
All class members are eligible to enroll in two years of CyEx Financial Shield, a comprehensive service that comes with $1 million in financial fraud insurance.
HSHS declined to answer most questions from Illinois Times about the cyber attack, including how much financial damage it caused to the system and what the system has done to prevent another such attack.
An HSHS spokesperson said in an emailed response: “HSHS denies any wrongdoing. Additionally, at the time of the settlement, no evidence was found that any personal information or protected health information was misused in instances of fraud or identity theft as a result of this incident. Individuals who may be a part of the settlement class received a notice in the mail in September. HSHS remains focused on providing the highest quality patient care.”
The son of a former HSHS St. John’s patient told Illinois Times that he filed for an alternative cash payment from the settlement on behalf of his mother, who died this summer. The Illinois man requested anonymity because of fears that his mother’s identity would be exploited further by hackers.
He said it’s possible that the HSHS data breach was the source of identity theft involving his mother that he learned about in recent months when hundreds of dollars in Verizon cellphones and Xfinity equipment were purchased and billed to his mother after her death.
The man said he was able to have the purchases canceled, but the experience was a hassle as he and other family members were dealing with grief from the loss of his mother, who was in her 80s.
“Everybody’s the victim here,” the man said. “You get all this anguish when you least need it. There are just a lot of immoral people out there. … This is one thing I didn’t think I’d have to deal with. Does this all go back to HSHS? I don’t know. Maybe. … There’s got to be a better way of keeping and storing this information.”
A 2025 report from IBM said the global average cost of a data breach was $4.4 million, a 9% decrease over 2024, because of “faster identification and containment.”
Dean Olsen is a senior staff writer with Illinois Times. He can be reached at 217-679-7810 or www.x.DeanOlsenIT.