


Senior writer

Congressional health insurance service hit by data breach

Mar 09, 2023
2 mins
Data Breach

Personally identifiable information relating to members of Congress and their staff may have been exposed in a data breach incident.

A health insurance marketplace that provides coverage for members of the US Congress and congressional staffers was found to be compromised on Wednesday, according to a letter apparently sent from House Chief Administrative Officer Catherine L. Szpindor to members of that chamber.

Szpindor’s office would not directly confirm or deny the authenticity of the letter, which was first published on Twitter by a reporter for the right-wing Daily Caller news site. However, a spokesperson for the CAO’s office did confirm the data breach and pledged to communicate updates from law enforcement to affected legislators and staff.

Another spokesperson, for DC Health Link, also confirmed that personal information for “some DC Health Link customers” was exposed on a public forum, and added that an investigation is underway. “Concurrently, we are taking action to ensure the security and privacy of our users’ personal information,” DC Health Link said in a statement. “In addition, and out of an abundance of caution, we will also provide credit monitoring services for all of our customers.”

Data breach affects thousands of government healthcare enrollees

According to the leaked letter, members of the House did not appear to be the specific targets of the attack, but it said that “thousands” of enrollees in DC Health Link were potentially affected. 

The FBI, DC Health Link, and the US Capitol Police are all part of the investigation, according to statements, and the Capitol Police said that few details were available to the public at this stage. “Our agents are assisting the FBI with the ongoing investigation,” a spokesperson from the Capitol Police’s Public Information Office said via email. “There is more work to do before law enforcement can provide more details.”

The House Administration Committee, headed by Representative Bryan Steil, a Wisconsin Republican, tweeted that it was “aware of the breach, and is working with the CAO to ensure the vendor takes necessary steps to protect the PII of any impacted member, staff, and their families.”

A joint letter, signed by both Speaker of the House Kevin McCarthy and minority leader Hakeem Jeffries and published on Twitter, asked the Executive Director of the DC Health Benefit Exchange Authority, Mila Kofman, to provide information on formal notification to affected members. It also asked for further detail on both the extent of the breach and on mitigation measures.

CSO will post updates as more information becomes available.