Congress members’ personal data exposed in DC Health Link Breach

Congress members' personal data exposed in DC Health Link Breach

Addressing the executive director of DC Health Benefit Exchange Authority, McCarty and Hakeem outlined that thousands of House members, employees, and their families have enrolled in health insurance through DC Health Link, indicating that the full size and scope of the breach could be significant.

The letter also confirmed that the FBI has been investigating the incident and has been able to determine that the stolen data was made available for purchase in the dark web.

.@SpeakerMcCarthy & Minority Leader Jeffries’ letter regarding the DC Health Link data breach: pic.twitter.com/v6H3VtdGX4


— Mark Bednar (@MarkBednar) March 9, 2023

Some cybercriminals have already claimed responsibility for the hack, according to a report by the Associated Press, with one hacker boasting that he had stolen more than 55,000 records and exclaiming “Glory to Russia” in Cyrillic.

An internal memo sent to House staff obtained by NPR recommended the use of credit and identity theft monitoring resources. A similar memo sent out to all Senate email account holders said that anyone registered on the health insurance exchange should freeze their credit to prevent identity theft.

In response to the breach, DC Health Link said that it has “initiated a comprehensive investigation” with the help of forensic investigators and law enforcement.

“Concurrently, we are taking action to ensure the security and privacy of our users’ personal information. We are in the process of notifying impacted customers and will provide identity and credit monitoring services,” DC Health Link said in a statement. “In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers.”

See also  Allianz to serve global commercial insurance segment as one go-to-market business

A cyber threats index by the insurer Coalition revealed that 94% of organizations had at least one unencrypted service exposed to the internet in 2022. It also predicted a 13% increase in the number of new cyber vulnerabilities and exposures per month for 2023.