WASHINGTON – Members of the House and Senate were informed Wednesday that hackers may have accessed their sensitive personal data in a breach of the Washington, DC, health insurance marketplace. The MLA’s staff and their families were also affected.
DC Health Link confirmed that data on an unspecified number of customers was affected and said it is notifying them and working with law enforcement. It said it is providing identity theft service to those affected and providing credit monitoring to all customers.
RELATED: Healthcare Data Breach
The FBI said it is aware of the incident and is assisting with the investigation.
A broker on an online crime forum claimed to have records on 170,000 DC Health Link customers and was offering them for sale for an unspecified amount. The broker claimed that they were stolen on Monday. Reached by The Associated Press over an encrypted chat site, the broker would not say whether the data was purchased and said it could not provide additional data to back the claim. They said they were acting on behalf of the seller, whom they identified as “Thekilob”.
A sample of the stolen data for a dozen Direct customers was posted on the site. This included social security numbers, addresses, names of employers, phone numbers, emails and addresses. By dialing a listed number the AP reached one of the dozen.
“Oh my God,” said the man when the information was made public. All 12 people listed work for the same company or are family members.
In an email to all Senate email account holders, the Sergeant at Arms said it was informed that the stolen data included the full names of insureds and family members. An email sent by the Office of the House Chief Administrative Officer on behalf of House Speaker Kevin McCarthy and Minority Leader Hakeem Jefferies called the breach “egregious” and promised to provide an update. It urged members to access credit and identity theft monitoring resources.
The Senate email recommended that anyone registered with the health insurance exchange freeze their credit to prevent identity theft.
Not a Modern Healthcare subscriber? Sign up today.
In an emailed statement, Representative Joe Morelle of New York said House leadership was notified by Capitol Police that DC HealthLink “suffered an exceptionally large data breach of enrolled information” that affected members, staff and their families. posed a “great risk” to the members of the “At this time the cause, size and scope of the data breach affecting DC Health Link still need to be determined by the FBI,” Morell said.
The hack follows several recent breaches affecting US agencies. Hackers breached US Marshals Service computer systems on February 17 and activated ransomware after stealing personally identifiable data about agency employees and targets of the investigation.
CNN reported in mid-February that an FBI computer system at the bureau’s New York field office was recently breached. When asked about that intrusion, the FBI issued a statement calling it “an isolated incident that has been brought under control”. declined further comment, including when it happened and whether ransomware was involved.
There was no indication that the health breach was related to ransomware.
Download Modern Healthcare’s app to stay informed on breaking industry news.