A hack into the private data of a healthcare marketplace may have exposed confidential information regarding members of the House of Representatives and employees at the Capitol. Per a report by Associated Press on March 8, the hack’s target was DC Health Link, the health insurance marketplace portal for the District of Columbia. What information has been compromised is still an open question. A person claiming to be the hacker has offered the records of 170,000 DC Health Link employees on an anonymous forum, though when contacted by AP via encrypted chat, the individual offered no further details or proof of stolen information.
Healthcare information is a popular target for cybercrime. Data security at health providers and health insurance companies can be lax, with potentially disastrous results for the privacy of patients. Stolen login credentials can be used for identity theft, while other private health information may be illegally exploited for extortion and other crimes. More than 40 million people had health information illegally leaked or otherwise exposed in 2021 alone.
Secrets and their consequences
Major hacks targeting government employees have happened before. Two major hacks took place in 2015, both probable cyberattacks by Chinese state actors. The first attack targeted the Office of Personnel Management, exposing the private information of over 4 million civil servants, while another attack exposed data collected in the course of performing federal background checks and security clearances. In this case, while DC Health Link is district-run rather than a federal agency, its role as a health insurance marketplace to Washington DC may allow hackers to expose private information on a nationwide scale.
As yet, the full consequences of this hack are unknown. As of March 9, the self-identified hacker, who used the alias “thekilob” in the course of attempting to sell the information, is not known to have either used or sold any data at the time of writing. DC Health Link has already begun an internal investigation, assisted by the FBI. According to AP, DC Health Link has also informed all potentially affected customers, providing credit protection and anti-identity theft tools.