FBI is Investigating DC Health Link Data Breach
The US FBI is investigating a data breach that has affected personal information of US House of Representatives members and staff. Health insurance marketplace DC Health Link, which administers the healthcare plans for House members, staff, and families, acknowledged the breach earlier this week. Legislators learned of the incident through a letter from the House Chief Administrative Office.
The good news on this incident is that House Speaker Kevin McCarthy, R-Calif., and Minority Leader Hakeem Jeffries, D-N.Y., sent a letter to the DC Health Link saying the “incident significantly increases the risk that Members, staff and their families will experience identity theft, financial crimes, and physical threats.” Sometimes, not always, when lack of regulatory backing for raising the cybersecurity bar personally impacts politicians, we see progress.
This breach didn’t target the legislators directly even though their data was breached and is marked as SOLD in Intellibroker on the dark web. Here is the thing, whether or not your users were targeted or their data was taken, and possibly sold, it still hurts and they are going to be upset. Be proactive in notifying affected users, as DC Health was, and consider how you would feel if it’s your data. Don’t hold back on offering credit protection, including hand holding for those unfamiliar with this. Plan to engage an outside form to help with the investigation and recovery, your team is going to be need support, to include independent confirmation of their findings. Make sure your plan is both written down and verified as viable.
This cyber breach has garnered much attention because it involves the US House of Representatives. While not a straight-up ransomware attack, the information was made available for purchase and in this case, a subset was purchased. Bottomline, the evil doer obtained a payout.
Read more in
Bleeping Computer: FBI investigates data breach impacting U.S. House members and staff
Gov Infosecurity: Hackers Sell US Lawmaker Data Stolen From Insurance Market
Washington Post: Personal details of U.S. House members exposed in health data breach