Breach of Healthcare Organization Exposes Data for U.S. House Members and Staff

Category: Data Breach | Industry: Healthcare | Level: Strategic | Source: BleepingComputer

The theft of sensitive personal information from the servers of DC Health Link, an organization that manages the healthcare plans of U.S. House members, their staff, and their families, has resulted in an ongoing investigation by the FBI into a data breach impacting these individuals. A breach notification was sent to the individuals by the U.S. House Chief Administrative Officer, Catherine L. Szpindor describing the incident as a "significant data breach." Adding the scope of the breach is not yet known, "but have been informed by the Federal Bureau of Investigation (FBI) that account information and Pit of hundreds of Member and House staff were stolen." However, the notification email does not reveal the type of data stolen, a report from BleepingComputer identified the sale of the stolen data by the threat actor, IntelBroker. A review of the sample dataset found "information of roughly 170,000 affected individuals, including their names, dates of birth, addresses, email addresses, phone numbers, Social Security Numbers, and much more."

‍