Hundreds of members of Congress and their staffs this week were hit by a data breach of their health records in the District of Columbia’s health insurance marketplace.
Both the FBI and U.S. Capitol Police are investigating the breach of DC Health Link, the marketplace set up under the Affordable Care Act — an act that may have impacted hundreds of lawmakers and staff, NBC News reports.
In a message to staffers on Wednesday, chief administrative officer Catherine Szpindor said the size and scope of the attack are not yet clear.
- But, she said, it does not appear that members of the House were specifically targeted in the attack.
- “Speaker McCarthy and Democratic Leader Jeffries have formally requested additional information from DC Health Link on what data was taken, who was impacted, and what steps they are taking to protect House victims of this breach,” the message said.
The letter to Mila Kofman, the executive director of the D.C. Health Benefit Exchange Authority, a copy of which was obtained by Axios, says the data breach involved the personally identifiable information of House members, employees and their family members.
- “The [FBI] also informed us that they were able to purchase this PII, along with other enrollee information, on the ‘dark web,’ breached from your system,” the congressional leaders wrote.
- They said the information includes the the names of spouses and children, Social Security numbers and home addresses.
- The letter asks when individuals affected by the breach will be notified, what services will be offered in response, what information was stolen and from whom, the precise number of congressional personnel affected the breach and the steps being taken to ensure future security.
DC Health Link officials in an emailed statement confirmed reports that data for some customers was exposed on a public forum.
- “We have initiated a comprehensive investigation and are working with forensic investigators and law enforcement,” they said. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information.”
- They are also providing credit monitoring services for all customers “out of an abundance of caution,” they said.