Republican lawmakers on Capitol Hill revealed Wednesday a recent data breach at the DC Health Benefit Exchange Authority was worse than previously known and exposed sensitive data of Americans to criminals.
According to House Committee on Oversight and Accountability Subcommittee on Cybersecurity, Information Technology, and Government Innovation Chairwoman Nancy Mace, breached data belonging to countless individuals was sold on the dark web.
"The data breach we’re going to get to the bottom of today is of great concern to Members of Congress and staff who – along with many of their family members – participate in the DC Health Exchange," Mace said during a hearing on the matter Wednesday. "But the overwhelming majority – about ninety percent – of Exchange enrollees are not affiliated with Congress. They are people who get health insurance through the Exchange as individuals or as employees of one of the 5,000 participating small businesses."
"We know the recent data breach at the DC Health Benefit Exchange Authority resulted in the theft, sale, and public posting of confidential personal information of tens of thousands of individuals getting health insurance coverage via the Exchange," she continued. "And that may not be the full extent of the breach. Indeed, the vulnerability through which the breach occurred may have exposed the data of as many as 200,000 individuals to hackers. These excel spreadsheets sold and posted on the Dark Web contain dozens of data fields of personal information on each Exchange enrollee listed – Name, Age, Social Security Number, Telephone Numbers, Home Address, Mailing Address, Email Address, Employer, Health Plan, Health Insurance Premium, Race, Ethnicity, Citizenship Status and more."
Mila Kofman, Executive Director of the District of Columbia Health Benefit Exchange Authority, was repeatedly pressed about how the breach could have happened, what is being done to help victims whose information was stolen and how the agency is working to prevent the situation from happening again.
"The advent of AI is only going to make breaches like this even more vulnerable to personal data. It will only get worse if businesses and government agencies are ill prepared for what lies ahead."
— Oversight Committee (@GOPoversight) April 19, 2023
@RepNancyMace opens hearing on DC Health data breach. pic.twitter.com/od4RzV7oD1
“Are you going to fire the contractor or employee who created this breach issue?”
— Oversight Committee (@GOPoversight) April 19, 2023
@RepNancyMace demands accountability for the healthcare data breach that resulted in the sale of thousands of individuals’ information on the dark web. pic.twitter.com/9EQy2LS7Fy
On the Senate side, Republican Tim Scott is focused on accountability for another data breach at the Consumer Financial Protection Bureau and sent a letter to Director Rohit Chopra Wednesday asking for details.
"This data breach is an egregious lack of oversight by the CFPB. It is no secret that Director Chopra wants to collect more and more data in order to push out progressive regulations. Why should the CFPB be trusted to collect more data, burdening financial institutions and potentially limiting services for consumers, when they themselves have demonstrated an irresponsible handling of consumer’s financial information," Scott released in a statement. "This is particularly concerning in the face of the failures of SVB and Signature Bank. Our regulators and agencies need to take responsibility for their failures and must be held accountable.”
Editor’s note: A previous version of this story incorrectly stated the Consumer Protection Bureau is tasked with securing and protecting data on the DC Health Exchange. That is incorrect. A correction has also been made to reflect Senator Tim Scott’s work in response to a data breach at the Consumer Protection Bureau, not the DC Health Exchange, which suffered a separate breach. We regret the error.
Join the conversation as a VIP Member