Speaking to the executive director of the D.C. Health Benefit Exchange, McCarty and Hakim explained that thousands of House members, staff, and their families have enrolled in health insurance through the DC Health Link, suggesting that the full size and scope of the breach could be significant.
The message also confirmed that the FBI was investigating the incident and was able to determine that the stolen data was available for purchase on the dark web.
.@tweet & Minority Leader Jefferies’ letter on the DC Health Link data breach: pic.twitter.com/v6H3VtdGX4
– Mark Bednar March 9, 2023
Some cybercriminals have already claimed responsibility for the hack, according to a report from the Associated Press, in which one hacker boasted that he had stolen more than 55,000 records and chanted “Glory to Russia” in Cyrillic.
An internal memo sent to the House staff obtained by NPR recommended the use of credit and identity theft monitoring resources. A similar memo sent to all Senate email account holders said that anyone registered with the health insurance exchange should freeze their credit to prevent identity theft.
In response to the breach, DC Health Link said it has “launched a thorough investigation” with the help of forensic investigators and law enforcement.
“At the same time, we are taking measures to ensure the security and privacy of our users’ personal information. We are in the process of notifying affected customers and will provide identity and credit monitoring services,” DC Health Link said in a statement. “In addition, and out of an abundance of caution, we will also provide credit monitoring services to all our clients.”
The Cyber Threat Index by the consortium insurer revealed that 94% of organizations had at least one unencrypted service vulnerable to the Internet in 2022. It also predicted a 13% increase in the number of new cyber vulnerabilities and exposures per month for 2023.