This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

DC Health Insurance Exchange Breach Affects Power Figures

Law enforcement is working with the health insurance exchange for the District of Columbia, which in early March reported a data breach relating to its base of health insurance customers. Lobbying firm employees, including from a firm that has sent several alums to the White House, a "prominent" former defense official, and others are reported to have been among the individuals whose information was compromised. At least two users have posted the data to internet forums where hackers sell such information. One claimed that “the intended target WAS U.S. Politicians and members of U.S. Government,” and has a signature that reads "Glory to Russia!"

Why It Matters

Data breaches have become so commonplace that we almost ignore them in the news. Each of us as a consumer has probably received a dozen email notices in the last two years alerting us to a data breach related to a site or app that we use. Most of us are accustomed to resetting a password and just moving on, without a lot of concern.

The breach of the DC insurance exchange, however, reminds us what is really at stake when threat actors come looking for information: the true target isn't necessarily the information they get. What they often want is to parlay that information into a greater threat. A "bad guy" with access to the health information of powerful individuals in the government poses national security risks.  

By the same token, a commercial entity that holds confidential, proprietary, or sensitive data about its clients -- health-related or not -- may find itself a target of threat actors who are trying to collect and compile information that can be used to compromise systems and sectors, not just individual persons. Taking care of that information through good security measures, training, and planning is critical.  

Security experts caution that the consequences of a breach like this are difficult to predict. “The hard thing about this kind of data breach is it’s not just the data alone, it’s when you combine the data with other data sets that nation states or bad actors might have,” said Jamil Jaffer, founder and executive director of the National Security Institute at George Mason University. Jaffer called the breach “deeply concerning” especially given that it may affect members of Congress and their staff.


data security and privacy, hill_mitzi, insights