Ransomware, Threat Management, Breach

DC Health Link breach includes data of House members; FBI investigating

The rising sun strikes the U.S. Capitol dome

Hundreds of congressional leaders and staff had their data stolen by threat actors through DC Health Link, the health insurance marketplace for Washington. An email notifying House members and staff of the breach was first revealed by the Daily Caller.

Calling it a “significant data breach,” the Capitol Police and DC Health Link notified House of Representatives Chief Administrative Officer Catherine Szpindor late March 8 that the personally identifiable information of thousands of health insurance enrollees may have been exposed.

The scope and source of the hack is currently unknown. The FBI has confirmed that the account information and PII of “hundreds of members and staff” were included in the stolen information. 

However, the data appears to not only have been leaked online: the dark web posting on IntelBroker, is listed as “SOLD.” IntelBroker, or Endurance, emerged in October 2022 and uses a “small wiper malware written in C# using the .NET framework.”

A screengrab posted on Twitter shows IntelBroker first compromised the DC Health Link Health Benefit Exchange Authority in the early hours of Monday, March 6. The actor claims “to be in possession” of the data tied to 170,000 individuals.

A screen image via Twitter of stolen information from DC Health Link for sale on a hacking forum that includes personally identifiable information. (via @Video_Forensics)

The alleged stolen data includes subscriber, policy, and member IDs, full names, Social Security numbers, dates of birth, gender, benefit types, plan and carrier names, employers, home addresses, brokers, citizen status, work emails, and a host of other highly sensitive information that could readily identity users and their locations.

IntelBroker was seeking “an undisclosed amount in XMR cryptocurrency” and only wanted to work with a “middleman.”

It’s important to note the IntelBroker “group” is suspected to be a single actor, who claimed to have hacked several U.S. government agencies in November 2022. At the time, several security researchers indicated the previous ad could be a scam in an attempt for notoriety.

FBI says House members were not targeted in DC Health Link breach

For now, the FBI is leading the investigation that may clear up these details. House members were told that Szpindor expected “to have access to the list of impacted enrollees” and will inform the affected members if their data was found to be included in the stolen data.

“It’s important to note that, at this time, it does not appear that Members of the House of Representatives were the specific target of the attack,” Szpindor wrote. It’s currently unclear whether other plan enrollees were affected.

House Speaker Rep. Kevin McCarthy, D-Calif., and House Minority Leader Rep. Hakeem Jeffries, D-N.Y., have already sent inquiries to DC Health Link to determine just what data was stolen, individuals impacted, and steps the insurer is taking to protect House members from the breach fallout.

The incident joins an earlier hack of the U.S. Marshals Service last month. Officials reported that the division of the Department of Justice discovered ransomware deployed on a stand-alone U.S. Marshals’ system where data was exfiltrated, including law enforcement officials’ legal process returns, administrative data, and personally identifiable information.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.