Hundreds of members of congress affected by data breach

DC Health Link, the provider of health insurance for those in the United States (US) Government, has suffered a data breach that affects over 50,000 people. 

The breach, which took place on March 6, saw an unauthorized party gain access to the data of 56,415 current and past customers of DC Health Link, including 585 staff members and 17 members of the US Congress. 

In a message sent to employees on March 8, the US House of Representatives explained that the data breach has “potentially expos[ed] the Personal Identifiable Information (PII) of thousands of enrollees”.  
After the breach was discovered, DC Health Link reported it to the FBI and Google-owned cyber security firm Madinat. Following this, the health insurance company notified six other federal agencies whose employees use DC Health Link for their health insurance. 

Mila Kofman, executive director of DC Health Link, submitted documents ahead of her testimony before the House Oversight Committee on April 19, revealing that the data breach was caused by a misconfigured cloud server.

This misconfiguration was, according to Kofman, caused by human error rather than malicious intentions, and once discovered was shut down immediately by the security manager at DC Health Link. 

When surveyed by Cyber Security Hub, one in four (25 percent) of cyber security professionals said that their companies were investing in cloud security capabilities. As more companies invest in and migrate to the cloud, they should be aware of the risks and ensure that protections are put in place to prevent attacks and breaches.

Matt Kerr, CEO and founder of appliance repair site Appliance Geeked, notes that while the cloud-based data storage can be equipped with cyber security measures to prevent data breaches, if a company hosts a large amount of valuable customer data, even a partial breach can have far-reaching negative effects.

This is because a company’s cloud storage contains “enormous hoards of extraordinarily valuable data”, even if an attacker only gains access to a fraction of this data, they can do real damage with it. 

You May Also Like

  • Blizzard Entertainment hit by DDoS attack

  • IOTW: A full timeline of the MOVEit cyber attack

  • PwC and EY impacted by MOVEit cyber attack

  • BlackCat threatens to leak 80GB of Reddit data