(USNewsBreak.com) – Data breaches affect millions of people each year. These incidents occur when there’s an unknown vulnerability or an institution doesn’t have enough safeguards in place to prevent hackers from gaining access to sensitive information. Last month, a Washington, DC, health exchange was affected by its own data breach, and new information is coming to light.
On March 6, DC Health Link learned that some of its information had been exposed, and it employed Mandiant, a cybersecurity firm, to investigate the root. The firm discovered the cause just two days later and shut it down, but the damage was done. In a statement, Mila Kofman, the health exchange’s executive director, said the hack affected more than 56,000 people including nearly 600 congressional workers and 17 members of the House of Representatives.
The recent data breach of personal information for thousands of users of Washington D.C.'s health insurance exchange, including members of Congress, was caused by basic human error, according to a top administrator.https://t.co/kYRxkMynfh
— 7News DC (@7NewsDC) April 19, 2023
The breach involved two reports containing sensitive information, such as Social Security numbers, birthdays, and names, enough to do some damage to one’s identity. The files were reportedly offered up for sale on an online hacking forum.
During the course of the investigation, Mandiant discovered the source was human error. The cause — a misconfigured cloud server — introduced a security flaw that overrode the need for authentication to access the stolen reports. Kofman said the misconfiguration was not intentional.
Kofman apologized on behalf of the health insurance exchange, saying the company “remain[s] committed to being open and transparent” about the incident and what comes next. It has offered to cover identity theft protection and credit monitoring services for all of those affected.
On Wednesday, April 19, the House Oversight Committee’s Subcommittee on Cybersecurity, Information Technology, and Government Innovation held a hearing about the breach. The panel discussed the actual nature of the incident and asked questions to gain more understanding of how it happened, the steps being taken, and how to prevent future occurrences.
Copyright 2023, USNewsBreak.com