Lawmakers and Capitol Hill Staff Get Hit By a Cyber Attack on DC Health Link
Table of Contents
- By Steven
- Mar 10, 2023
DC Health Link is part of the Affordable Care Act online marketplace of health insurance plans. The service provides health care to members of Congress as well as many staff members throughout Capitol Hill. This healthcare service was recently the victim of a cyber attack and suffered a serious data breach that exposed hundreds of politicians and Capitol Hill staff members.
How Did the Attack Occur?
On Tuesday, March 7th, the Washington D.C. health insurance marketplace suffered from a serious data breach that exposed hundreds of lawmakers and local staff members. The attack was presumably conducted by a team of hackers, though experts don't believe that lawmakers were specifically targeted by the attack. Either way, personal information about lawmakers and their family members was obtained in the attack on the network, and the FBI is still sorting through the mess. We don't yet have details about how the attackers were able to breach the network and whether the attack exploited a security vulnerability or if it relied on executing a phishing attack against one of the internal employees.
What Information Was Viewed or Stolen?
Information about the lawmakers, including their full names, family members, email addresses, and the date of enrollment into the insurance program, was obtained by the attackers that breached the health insurance data network. Experts don't believe that any other personal information was taken from the servers during the phishing attack. The information that was stolen could still be used in harmful ways, though, even if no financial account details were released as a result.
How Did Lawmakers Admit to the Breach?
Catherine L. Szpindor, Chief Administrative Officer, admitted to the breach in a letter received by NBC News. In the letter, Szpindor states that the FBI and the U.S. Capitol Police notified lawmakers about the attack on DC Health Link and stated that FBI officials are still sorting through the attack and identifying any stolen information.
What Will Become of the Stolen Information?
It isn't currently clear what the attackers will do with the stolen information. They may attempt to sell or exploit the personal information, but it appears to only be health and some simple identification information rather than truly harmful financial information. We're still waiting for the final results of the investigation to know how much damage was truly caused. Anyone that's identified as being at risk by this cyber attack will be notified directly so they can take appropriate action to protect themselves.
What Should Affected Parties Do in the Aftermath of the Breach?
The total extent of the attack is still unclear, but anyone impacted should monitor their credit closely for any strange activity. The most concerned about this attack can take things a step further and put a freeze on their credit and their family members' credit. Initiating a credit freeze stops the attackers from using gathered information to open fraudulent lines of credit and accounts. Affected parties are also being provided with credit monitoring services and are encouraged to utilize them for their protection.