Members of the House, Senate, and their families were all profoundly impacted by an inexcusable data breach of the Washington, D.C., health insurance marketplace on Monday. DC Health Link, tasked with informing and notifying the affected customers, confirmed that the breach had happened and that sensitive personal data was potentially exposed by a malicious hacker. The FBI has since become involved to assit with the investigation and has opened a case to determine the cause, size, and scope of the incident.
The hacker made a post on an online crime forum claiming to have records on approximately 170,000 DC Health Link customers, and was offering them for sale for some unspecified amount. The post even included a sample set of data stolen from twelve individuals. The Associated Press contacted one of the twelve people by calling the phone number listed, to which the person exclaimed “oh my God” when informed their data had been made public. These twelve individuals were all connected one way or another; either by being family members or by working for the same company.
When the malicious attack was discovered, both the House and the Senate sent email notifications to their members; the Senate Sergeant of Arms informed employees that the data taken included the names of the insured and family members, while the House called the breach “egregious” and promised to update members. The Senate also recommended that members contact the health insurance exchange and freeze their credit immediately in order to prevent identity theft. The congressman for New York, Joe Morelle, stated that the breach had a “great risk” posed to the members and families.
The assault on the District of Columbia’s health insurance marketplace follows a string of other security incidents- hacks into the U.S. Marshals Service computer system, a breach of an FBI computer system at its New York field office, etc.- so one has to ask if all this data loss will become part of a bigger trend, thus leaving our most private information and data vulnerable?
The severity of the District of Columbia’s health insuance data breach serves as a stark reminder of the importance of cyber security and is a call to action for all those entrusting sensitive information to third parties. The privacy and security of personal data should be a top priority and vigilant measures must be taken to further protect against further loss of data. We encourage all those affected by this breach to take action quickly and set up credit and identity monitoring services.