At least 17 House members and hundreds of congressional staffers were affected by the DC Health Link data breach that was first reported on March 8, a spokesperson for the House Committee on House Administration confirmed to The Epoch Times on March 15.
Governed by Washington’s Health Benefit Exchange Authority, DC Health Link is the health insurance marketplace for residents of the district. The affected members of Congress, whose names have not been released, were among 56,415 total enrollees who had their personally identifiable information exposed on a public forum.
“Last week, it was discovered that a breach of data from DC Health Link included the personal identifiable information (PII) of several members, senators, staff, and their families,” noted Rep. Bryan Steil (R-Wis.), chairman of the Committee on House Administration, in a March 14 statement. “Immediately after learning of the breach, congressional leadership responded with a strong, nonpartisan response to ensure accountability and security. As a result, the DC Health Benefit Exchange Authority will provide credit monitoring to all members.”
The investigation, Steil added, is ongoing, with the chief administrative office, U.S. Capitol Police, and House Sergeant at Arms each acting to assist those affected.
“I’m committed to protecting this institution,” he continued. “Moving forward, the Committee on House Administration will take action to hold bad actors accountable and avoid this occurring again in the future.”
According to DC Health Link, the DC Health Exchange Authority was first notified of the breach on March 6, after which an investigation was launched in coordination with law enforcement and a third-party forensics firm.
Sensitive information that was published included the enrollee’s name, Social Security number, date of birth, gender, address, email, phone number, race, ethnicity, citizenship status, health plan information, and employer information, though not all of those fields were compromised for every affected individual.
Two Groups Affected
In a March 14 update, DC Health Link said that it had identified two groups of people affected by the breach. The first group included those who were known to have had their information compromised because it was posted publicly. The second group included individuals whose information was stored in the same manner as those in the first group, but investigators found no evidence their data was accessed or downloaded.
The data review, the health exchange noted, was expected to be completed within the coming days.
“The issue which led to this data breach has been identified and eliminated. DC Health Link is working with third-party forensic experts to conduct a comprehensive review and to strengthen our security defenses.”
In a March 15 email to The Epoch Times, Adam Hudson, public information officer for the DC Health Benefit Exchange Authority, added: “We recognize the seriousness of this incident and we have reached out to impacted enrollees to provide three years of free identity and credit monitoring for all three major credit bureaus. The three years of monitoring protection includes all enrolled dependents, spouses and children. In addition, and out of an abundance of caution, we are offering the same three years of monitoring to all other customers, who were not impacted.
“While this remains an ongoing investigation, our services are running normally and we continue to operate in a state of heightened alert.”