DC Health Link, a programme that manages health care plans for members of Congress, had undergone a ‘significant data breach’ affecting ‘hundreds’ of members and staff on Capitol Hill.
The data breach that took place on Tuesday pertains to account data and personal identifiable information (PII) connected to hundreds of House lawmakers and staff, publication The Hill reported citing a letter from House chief administrative officer (CAO) Catherine L. Szpindor.
All House members and employees eligible for health insurance through the programme received the letter. Szpindor, who came to know from the US Capitol Police and DC Health Link, was unaware of the “size and scope of the breach.” She said it “potentially” exposed the PII of thousands of enrollees and pointed out that it is unlikely that lawmakers or the House “were the specific target of the attack.”
ALSO READ:US Senate Committee Votes In Favour Of Eric Garcetti For India Ambassador
In a separate notice, the Senate Sergeant at Arms wrote to the Senate email account holders that the DC Health Link breach “included the full names, date of enrollment, relationship (self, spouse, child), and email addresses,” but no other PII.
What’s DC Health Link?
It is basically a health insurance exchange for the District of Columbia, where residents can apply for and enroll in ObamaCare health plans. Congressional offices are required to use the DC exchange to provide insurance for members and staff.
DC Health Link spokesperson confirmed the breach to the publication saying it is cooperating with law enforcement and that a “comprehensive investigation” is ongoing.
“Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” the statement read. “We are in the process of notifying impacted customers and will provide identity and credit monitoring services. In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers.”
In a statement, the Federal Bureau of Investigation said it is “aware of this incident and is assisting” but declined to provide information citing “an ongoing investigation.”
Meanwhile, Speaker Kevin McCarthy and House Minority Leader Hakeem Jeffries called the incident “an egregious security breach” in a letter. Both of them have reached out to DC Health Link “to secure more information” so they can “best collaborate with CAO to address your needs in the coming days, weeks and months.”